[Dshield] question....

KeithTarrant KeithTarrant at spamcop.net
Tue Oct 1 00:16:35 GMT 2002


Hi Karen -

----- Original Message -----
From: "Karen" <karenj at worldlynx.net>
To: <list at dshield.org>
Sent: Monday, September 30, 2002 8:42 AM
Subject: Re: [Dshield] question....

> Dear Kenneth:
>
> Thank you for responding to my question.
>
> I'm clueless as to what this report means...sigh.  I guess I should be
> apologizing to everyone for making this extra work when I don't
understand
> the responses, anyway!!  Sheesh!

The thing to know is that if your firewall blocked it, it didn't get
through.

You can use the DShield "Fightback" option to help get infected machines
and hackers taken care of when they make scanning attacks (attacks not
directed at your particularly).

For most people, so long as you update your anti-virus signatures daily,
keep your firewall working, apply security fixes to your  software every
couple of weeks, don't run files you get in emails, aren't running
servers, and  have good passwords on everything that can have passwords,
you will generally be safe from all but focused attacks (where someone is
particularly going after your computer).

For focused attacks, keep an eye on probing activity, learn the normal
range of activity, and if you notice more *varied* probes than normal,
like someone is trying one thing, then another, then another, maybe from
one machine, maybe from several machines, maybe in one day, maybe over a
period of a week, and only your machine(s) are affected (that is, it isn't
some new widespread thing) then get help.

- Keith
>
> Take care,
>
> Karen
>
> ----- Original Message -----
> From: "Kenneth Williams" <ken at kwilliams.org>
> To: <list at dshield.org>
> Sent: Sunday, September 29, 2002 12:15 PM
> Subject: Re: [Dshield] question....
>
>
> > Name:    ppp-ptc-pm3-07-036.fiberlynx.net
> > Address:  64.80.74.84
> > ; <<>> DiG 8.2 <<>> -x
> > ;; res options: init recurs defnam dnsrch
> > ;; got answer:
> > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4
> > ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 2
> > ;; QUERY SECTION:
> > ;;      84.74.80.64.in-addr.arpa, type = ANY, class = IN
> >
> > ;; ANSWER SECTION:
> > 84.74.80.64.in-addr.arpa.  1D IN NS  ns1.worldlynx.net.
> > 84.74.80.64.in-addr.arpa.  1D IN NS  ns2.worldlynx.net.
> >
> > ;; AUTHORITY SECTION:
> > 84.74.80.64.in-addr.arpa.  1D IN NS  ns1.worldlynx.net.
> > 84.74.80.64.in-addr.arpa.  1D IN NS  ns2.worldlynx.net.
> >
> > ;; ADDITIONAL SECTION:
> > ns1.worldlynx.net.      1d11h42m30s IN A  64.80.77.31
> > ns2.worldlynx.net.      1d11h42m30s IN A  64.80.72.5
> >
> > ;; Total query time: 160 msec
> > ;; FROM: mail.kwilliams.org to SERVER: default -- 206.13.31.12
> > ;; WHEN: Sun Sep 29 09:12:38 2002
> > ;; MSG SIZE  sent: 42  rcvd: 151
> >
> >
> > ----- Original Message -----
> > From: Karen
> > To: dshieldlist
> > Sent: Saturday, September 28, 2002 10:08 PM
> > Subject: [Dshield] question....
> >
> >
> > I'm new to the list, and just joined out of curiosity because I keep
> getting
> > 'pinged', some I've trace on Neo Trace.  This one was strange because
it
> > couldn't find who it was.  Any ideas/help?
> >
> > This was the number
> >
> > 64.80.74.84  UDP Port 1026
> >
> > Thanks!
> >
> > Karen
> >
> > _______________________________________________
> > Dshield mailing list
> > Dshield at dshield.org
> > To change your subscription options (or unsubscribe), see:
> http://www.dshield.org/mailman/listinfo/list
> >
>
>





More information about the list mailing list