[Dshield] Questions from list newbie
Mercymail at mindspring.com
Fri Jun 21 21:13:32 GMT 2002
Thanks for answering my questions, Antti.
----- Original Message -----
From: "Antti Tolamo" <Usenet at linux.tola.org>
To: <list at dshield.org>
Sent: Thursday, June 20, 2002 8:50 PM
Subject: Re: [Dshield] Questions from list newbie
> On Thursday, 20 June 2002 10:08, you wrote:
> > Hi..
> > I'm new to this list, and I signed up for the fight back feature where I
> > can send my zone alarm logs in.
> > Do I send the log as an attachment, or, just copy & paste into the
> Copy & paste is always a good idea.
> > Also... it says to send relevant log excerpts. I don't mean to sound
> > stupid, but how do I know which ones are relevant (hacker related) and
> > others are just background noise?
> Well, you can't.. You can't easily deduce from a firewall log
> whether you are the target of some attempt or just one target of a scan among many.
> The only way you know the difference is when somebody repeatedly tries to do
> or the attack has some concrete effect you can't ignore.
> If neither is true, then I'd say it is just a guess what scans mean.
> > I also have a question about numerous hits on port 1214. I know this
> > is used for Kazaa file sharing, but, I don't use Kazaa or Gnutella,
> > audiogalaxy.... none of them.
> Do you have a dynamic IP? If you have, then it can be that previous
> user used it and you get 'left overs'. There can also be an exploit
> in Kazaa that explains it, but I wouldn't know.
> > I've also read something about if someone
> > else on my ISP had my IP address and was using Kazaa before I signed on,
> > could get hits to this port. But, I have DSL and it's almost always on.
> > Wouldn't my IP address remain the same for the duration of my
> Depends. It should stay the same for long if one is online for long, however IP
> are known to change after a while with certain ISPs. How often depends on
> I don't really know, but I guess it could be that some ISPs change IPs
> often enough to make keeping of servers difficult. Servers usually mean
> traffic, and more machines broken into that can send spam, viruses or sca
> other vulnerable machines nearby.. In other words, more costs to ISPs
> Here at least some ISPs have blocked certain ports and made clear that
> servers can't be kept unless owner upgrades to more expensive connection.
> > Pardon my ignorance, but I'm trying to learn more about all of this :)
> > I appreciate any feedback.
> > Thanks a bunch,
> > Mercy
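The distinction drawn in the reply above, a source that repeatedly comes back versus a one-off scan hit, can be checked mechanically. The following is an added example, not part of the original messages: the comma-separated line layout is a constructed, simplified stand-in for a personal-firewall text log, and the function names, the 30-minute gap and the three-visit threshold are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines: type,date,time,source ip:port,destination ip:port,protocol
SAMPLE_LOG = """\
FWIN,2002/06/20,10:01:12,198.51.100.7:3321,192.0.2.10:1214,TCP
FWIN,2002/06/20,10:01:15,198.51.100.7:3321,192.0.2.10:1214,TCP
FWIN,2002/06/20,10:04:40,203.0.113.5:4100,192.0.2.10:80,TCP
FWIN,2002/06/20,13:30:02,198.51.100.7:3390,192.0.2.10:1214,TCP
FWIN,2002/06/20,18:45:51,198.51.100.7:3402,192.0.2.10:1214,TCP
FWIN,2002/06/20,19:02:10,203.0.113.77:2200,192.0.2.10:137,UDP
malformed line that the parser should skip
"""

def parse(log_text):
    """Yield (timestamp, source_ip, dest_port) for each well-formed FWIN line."""
    for line in log_text.splitlines():
        fields = line.strip().split(",")
        if len(fields) != 6 or fields[0] != "FWIN":
            continue
        try:
            ts = datetime.strptime(fields[1] + " " + fields[2], "%Y/%m/%d %H:%M:%S")
            src_ip = fields[3].rsplit(":", 1)[0]
            dst_port = int(fields[4].rsplit(":", 1)[1])
        except (ValueError, IndexError):
            continue
        yield ts, src_ip, dst_port

def repeat_sources(log_text, gap=timedelta(minutes=30), min_visits=3):
    """Return {(src_ip, dst_port): visits} for sources that keep coming back.

    Hits closer together than `gap` count as one visit (retries of a single
    probe), so only a source that returns after a pause scores again.
    """
    hits = defaultdict(list)
    for ts, src, port in parse(log_text):
        hits[(src, port)].append(ts)
    result = {}
    for key, times in hits.items():
        times.sort()
        visits = 1
        for prev, cur in zip(times, times[1:]):
            if cur - prev > gap:
                visits += 1
        if visits >= min_visits:
            result[key] = visits
    return result
```

Only the source that returns after long pauses is reported; the two retries three seconds apart collapse into one visit, and the single hits on ports 80 and 137 stay in the background-noise bucket.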