[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

IDS: looks like portscans..?

To: "'Intruder Detection List'" <ids@uow.edu.au>
Subject: IDS: looks like portscans..?
From: Matt Lemsing <mlemsing@swavley.com.au>
Date: Wed, 26 May 1999 09:26:17 +1000
Sender: owner-ids@uow.edu.au

FAQ: See http://www.ticm.com/kb/faq/idsfaq.html
IDS: See http://www-rnks.informatik.tu-cottbus.de/~sobirey/ids.html
HELP: Having problems.. Then email questions to ids-owner@uow.edu.au
NOTE: You MUST remove this line from reply messages as it will be filtered.
SPAM: DO NOT send unsolicted mail to this list.
USUB: email "unsubscribe ids" to majordomo@uow.edu.au
---------------------------------------------------------------------------

hi there, 

I am fairly new to IDS, but due to my need to secure our system, i
imagine i will be frequenting this list a bit. The following was taken
taken from our log files, and i just wanted to ask a few questions about
what 's there..

*****************************************************************
May 24 12:55:29 netcon1 ipop3d[14793]: warning: can't get client
address: Connection reset by peer
May 24 12:55:29 netcon1 ipop3d[14793]: connect from unknown
May 24 12:55:29 netcon1 ipop3d[14794]: warning: can't get client
address: Connection reset by peer
May 24 12:55:29 netcon1 ipop3d[14794]: connect from unknown
May 24 12:55:29 netcon1 ipop3d[14795]: warning: can't get client
address: Connection reset by peer
May 24 12:55:30 netcon1 ipop3d[14796]: warning: can't get client
address: Connection reset by peer
May 24 12:55:30 netcon1 ipop3d[14796]: connect from unknown
May 24 12:55:30 netcon1 ipop3d[14795]: connect from unknown
May 24 12:55:30 netcon1 ipop3d[14797]: warning: can't get client
address: Connection reset by peer
May 24 12:55:30 netcon1 ipop3d[14797]: connect from unknown
May 24 12:55:30 netcon1 ipop3d[14798]: warning: can't get client
address: Connection reset by peer
May 24 12:55:30 netcon1 ipop3d[14798]: connect from unknown
May 24 12:55:30 netcon1 ipop3d[14799]: warning: can't get client
address: Connection reset by peer
May 24 12:55:30 netcon1 ipop3d[14799]: connect from unknown
May 24 12:55:48 netcon1 ipop3d[14800]: warning: can't get client
address: Connection reset by peer
May 24 12:55:48 netcon1 ipop3d[14800]: connect from unknown
May 24 12:55:49 netcon1 ipop3d[14801]: warning: can't get client
address: Connection reset by peer
*****************************************************

Is this indicative of a port scan or someone trying to get in, or what?
and if so, what kind if tools exist to..

a) protect against these attacks..
b) notify me when they are happening..
c) are reasonably easy to setup..?

I am runing RH Linux 5.2.... any help wouod be greatly appreciated as i
have already lost too much time to these scumsucking weezels who are
trying to get in....

Matt

Follow-Ups:
- Re: IDS: looks like portscans..?
  - From: CyberPsychotic <mlists@gizmo.kyrnet.kg>

Prev by Date: Re: IDS: Cisco NetRanger
Next by Date: IDS: how to get a nuke tool of cracking BBS system
Prev by thread: IDS: about me
Next by thread: Re: IDS: looks like portscans..?
Index(es):
- Date
- Thread