elpollodiablo
29-04-2003, 17:51
ho un router/firewall con smoothwall 2.0b4 che condivide una connessione adsl sulla mia rete casalinga. premetto che ho aperto una porta UDP e una porta TCP (emule) verso un pc che scarica in continuo.
ora, cosa diavolo è tutta questa spazzatura assortita che trovo di continuo nel log di snort :eek:?
Date: 04/29 07:02:44
Name: MS-SQL Worm propagation attempt
Priority: 2
Type: Misc Attack
IP Info: 68.36.141.247:1050 -> 62.211.28.197:1434
Refs: http://vil.nai.com/vil/content/v_99992.htm][Xref => http://www.securityfocus.com/bid/5311][Xref => http://www.securityfocus.com/bid/5310,
Date: 04/29 07:30:57
Name: SCAN SOCKS Proxy attempt
Priority: 2
Type: Attempted Information Leak
IP Info: 80.181.182.58:1048 -> 62.211.28.197:1080
Refs: http://help.undernet.org/proxyscan/,
Date: 04/29 08:10:10
Name: (snort_decoder) WARNING: TCP Data Offset is less than 5!
Priority: n/a
Type: n/a
IP Info: 192.168.1.10:0 -> 62.211.28.197:0
Refs:
Date: 04/29 08:35:20
Name: ICMP Source Quench
Priority: 2
Type: Potentially Bad Traffic
IP Info: 213.39.132.160:n/a -> 62.211.28.197:n/a
Refs:
Date: 04/29 10:12:38
Name: MS-SQL Worm propagation attempt
Priority: 2
Type: Misc Attack
IP Info: 12.254.247.35:1162 -> 62.211.31.125:1434
Refs: http://vil.nai.com/vil/content/v_99992.htm][Xref => http://www.securityfocus.com/bid/5311][Xref => http://www.securityfocus.com/bid/5310,
Date: 04/29 10:16:04
Name: spp_portscan: portscan status from 67.41.181.237: 2 connections across 1 hosts: TCP(2), UDP(0) STEALTH
Priority: n/a
Type: n/a
IP Info: n/a:n/a -> n/a:n/a
Refs:
che dite, mi preoccupo :D?
ciao, m
ora, cosa diavolo è tutta questa spazzatura assortita che trovo di continuo nel log di snort :eek:?
Date: 04/29 07:02:44
Name: MS-SQL Worm propagation attempt
Priority: 2
Type: Misc Attack
IP Info: 68.36.141.247:1050 -> 62.211.28.197:1434
Refs: http://vil.nai.com/vil/content/v_99992.htm][Xref => http://www.securityfocus.com/bid/5311][Xref => http://www.securityfocus.com/bid/5310,
Date: 04/29 07:30:57
Name: SCAN SOCKS Proxy attempt
Priority: 2
Type: Attempted Information Leak
IP Info: 80.181.182.58:1048 -> 62.211.28.197:1080
Refs: http://help.undernet.org/proxyscan/,
Date: 04/29 08:10:10
Name: (snort_decoder) WARNING: TCP Data Offset is less than 5!
Priority: n/a
Type: n/a
IP Info: 192.168.1.10:0 -> 62.211.28.197:0
Refs:
Date: 04/29 08:35:20
Name: ICMP Source Quench
Priority: 2
Type: Potentially Bad Traffic
IP Info: 213.39.132.160:n/a -> 62.211.28.197:n/a
Refs:
Date: 04/29 10:12:38
Name: MS-SQL Worm propagation attempt
Priority: 2
Type: Misc Attack
IP Info: 12.254.247.35:1162 -> 62.211.31.125:1434
Refs: http://vil.nai.com/vil/content/v_99992.htm][Xref => http://www.securityfocus.com/bid/5311][Xref => http://www.securityfocus.com/bid/5310,
Date: 04/29 10:16:04
Name: spp_portscan: portscan status from 67.41.181.237: 2 connections across 1 hosts: TCP(2), UDP(0) STEALTH
Priority: n/a
Type: n/a
IP Info: n/a:n/a -> n/a:n/a
Refs:
che dite, mi preoccupo :D?
ciao, m