Scans from wanadoo.fr network

From: Kirk Marat <kirk_marat_at_umanitoba.ca>
Date: Thu, 13 Dec 2001 16:07:37 -0600

Hi all,

More security issues:

Has anyone else out there been seeing repeated scans of their machines by
multiple hosts on the wanadoo.fr network? (Typical ip addresses starting
with 193.252, 193.253, 217.128 and others). Typical log entries look like:

Dec 6 10:49:32 4C:avance300 ftpd[99600]: refused connect from 193.252.184.203
Dec 7 22:53:34 4C:avance300 ftpd[114312]: refused connect from 193.252.203.57
Dec 8 07:49:08 4C:avance300 ftpd[119693]: refused connect from 193.252.203.57
Dec 10 08:33:43 4C:avance300 ftpd[116537]: refused connect from 217.128.216.143
Dec 11 00:16:18 4C:avance300 ftpd[120440]: refused connect from 217.128.242.38
Dec 12 11:27:51 4C:avance300 ftpd[122484]: refused connect from 193.253.62.11
Dec 12 17:24:01 4C:avance300 ftpd[124923]: refused connect from 193.253.62.11

It is usually the ftp daemon, but occasionally the telnet daemon, in what
looks like an attempt to exploit a buffer overflow. This activity has been
ongoing for about a year, and the (now closed) incoming directory of our
anonymous ftp server was used to distribute material that was, shall we
say, not appropriate.

Complaints to the network admin have met with nothing but the usual automated
replies. I have had far more problems with this network than all of the
others put together.

Are most users out there using an actual firewall (machine) to protect
their networks? I have been relying on a tcp wrapper program, but I am
beginning to think that this is not sufficient.

Any recommendations on firewalls?

Cheers
-Kirk

Kirk Marat, Ph.D. NMR Facility Manager
Dept. of Chemistry and Prairie Regional NMR Centre
University of Manitoba
Winnipeg, Manitoba, CANADA
R3T 2N2
Phone: (204) 474-6259 FAX: (204) 474-7608
Email: kirk_marat_at_umanitoba.ca
Received on Thu Dec 13 2001 - 18:08:10 MST
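
Added example, not part of the original message: a Python script that parses tcp wrapper "refused connect" lines in the format quoted in the post and groups them by source network, showing which networks come back with several hosts on several days. The /16 grouping and the two-host, two-day thresholds are assumptions chosen for illustration; the sample lines are the ones quoted in the post.

```python
import re
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Log lines as quoted in the post above.
SAMPLE_LOG = """\
Dec 6 10:49:32 4C:avance300 ftpd[99600]: refused connect from 193.252.184.203
Dec 7 22:53:34 4C:avance300 ftpd[114312]: refused connect from 193.252.203.57
Dec 8 07:49:08 4C:avance300 ftpd[119693]: refused connect from 193.252.203.57
Dec 10 08:33:43 4C:avance300 ftpd[116537]: refused connect from 217.128.216.143
Dec 11 00:16:18 4C:avance300 ftpd[120440]: refused connect from 217.128.242.38
Dec 12 11:27:51 4C:avance300 ftpd[122484]: refused connect from 193.253.62.11
Dec 12 17:24:01 4C:avance300 ftpd[124923]: refused connect from 193.253.62.11
"""

LINE_RE = re.compile(  # month, day, time, host, daemon[pid], refusal, source
    r"^(\w{3})\s+(\d{1,2})\s+[\d:]{8}\s+\S+\s+([\w.-]+)\[\d+\]:\s+"
    r"refused connect from\s+(\S+)$")

def parse_refusals(text):
    """Yield (day, daemon, source address) for each refused-connect line."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            month, day, daemon, src = m.groups()
            try:
                yield f"{month} {int(day)}", daemon, ip_address(src)
            except ValueError:
                pass  # source logged as a hostname, not an address; skipped

def summarize(text, prefix_len=16):
    """Group refusals by source network (prefix_len=16 is an assumed default)."""
    groups = defaultdict(
        lambda: {"hits": 0, "hosts": set(), "days": set(), "daemons": set()})
    for day, daemon, src in parse_refusals(text):
        g = groups[str(ip_network(f"{src}/{prefix_len}", strict=False))]
        g["hits"] += 1
        for key, val in (("hosts", str(src)), ("days", day), ("daemons", daemon)):
            g[key].add(val)
    return dict(groups)

def repeat_networks(summary, min_hosts=2, min_days=2):
    """Networks seen from several hosts on several days (assumed thresholds)."""
    return sorted(n for n, g in summary.items()
                  if len(g["hosts"]) >= min_hosts and len(g["days"]) >= min_days)

if __name__ == "__main__":
    summary = summarize(SAMPLE_LOG)
    for net, g in sorted(summary.items()):
        print(net, g["hits"], sorted(g["hosts"]), sorted(g["daemons"]))
    print("repeat networks:", repeat_networks(summary))
```

Lines that do not match the refusal format are ignored, so the same functions can be run over a full syslog file.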
