Snort mailing list archives
Re: Portscans from China ?
From: "Michael Scheidell" <scheidell () fdma com>
Date: Mon, 15 Apr 2002 08:04:00 -0400
----- Original Message ----- From: "Mike Arrison" <arrison () graphcalc com> Newsgroups: local.snort.users Sent: Sunday, April 14, 2002 1:02 PM Subject: RE: [Snort-users] Portscans from China ?
China is a known haven for hackers. Due to their relative infancy of online connectivity, there are many servers there that have to been secured. One of the most common are mail servers that are left as open relays for spam. Others are compromised systems controlled by (often American) foreign hackers, used to mask their origin.
Not that it helps any, but makes me feel good, also log those to either dshield.org or mynetwatchman. both have scripts to take snort logs and upload them. mynetwatchman uses a separate csv file and the perl agent to upload in real time and then send a (probably useless) lart to whatever isp admin then can find. Like I said, it is probably useless, but its about all I can think of doing without firewalling china _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Portscans from China ? Tudor Panaitescu (Apr 14)
- RE: Portscans from China ? Mike Arrison (Apr 14)
- Re: Portscans from China ? Michael Scheidell (Apr 15)
- RE: Portscans from China ? Mike Arrison (Apr 14)