[Dshield] Questions from list newbie

Mercy Mercymail at mindspring.com
Fri Jun 21 21:13:32 GMT 2002


Thanks for answering my questions, Antti.

Mercy
----- Original Message -----
From: "Antti Tolamo" <Usenet at linux.tola.org>
To: <list at dshield.org>
Sent: Thursday, June 20, 2002 8:50 PM
Subject: Re: [Dshield] Questions from list newbie


> In a message on Thursday, June 20, 2002 10:08, you wrote:
> > Hi..
> >
> > I'm new to this list, and I signed up for the fight back feature where I
> > can send my zone alarm logs in.
> >
> > Do I send the log as an attachment, or, just copy & paste into the
> > email?
>
> Copy & paste is always a good idea.
>
> > Also... it says to send relevant log excerpts.  I don't mean to sound
> > stupid, but how do I know which ones are relevant (hacker related) and
> > others are just background noise?
>
> Well, you can't.. You can't easily deduce from a firewall log whether
> you are the target of some attempt or just one target of a scan among many.
>
> The only way you know the difference is when somebody repeatedly tries to do
> something or the attack has some concrete effect you can't ignore.
> If neither is true, then I'd say it is just a guess what scans mean.
>
> > I also have a question about numerous hits on port 1214.  I know this
> > port is used for Kazaa file sharing, but, I don't use Kazaa or Gnutella,
> > audiogalaxy.... none of them.
>
> Do you have a dynamic IP? If you have, then it can be that a previous
> user used it and you get 'leftovers'. There can also be an exploit
> in Kazaa that explains it, but I wouldn't know.
>
> > I've also read something about if someone
> > else on my ISP had my IP address and was using Kazaa before I signed on,
> > I could get hits to this port.  But, I have DSL and it's almost always on.
> > Wouldn't my IP address remain the same for the duration of my
> > connection?
>
> Depends. It should stay the same for a long time if one is online for long;
> however, IP addresses are known to change after a while with certain ISPs.
> How often depends on the ISP..
>
> I don't really know, but I guess it could be that some ISPs change IPs
> often enough to make keeping servers difficult. Servers usually mean more
> traffic, and more machines broken into that can send spam, viruses or scan
> other vulnerable machines nearby.. In other words, more costs to ISPs.
>
> Here at least some ISPs have blocked certain ports and made clear that
> servers can't be kept unless the owner upgrades to a more expensive connection.
>
> Antti
>
> > Pardon my ignorance, but I'm trying to learn more about all of this :)
>
> > I appreciate any feedback.
> >
> > Thanks a bunch,
> >
> > Mercy