[Dshield] Unknown.level3.net:80 attempted to attack my husband's pc

John Hardin johnh at aproposretail.com
Tue Sep 3 18:57:25 GMT 2002

On Fri, 2002-08-30 at 08:33, David Garfield wrote:
>  > TCP d2f2t6:2068 d2f2t6:0 LISTENING
>  > TCP d2f2t6:2068 unknown.level3.net:80 ESTABLISHED
> This could indicate a real hole!  This would typically be because of
> sloppy configuration, allowing any connection with an external port of
> 80, instead of only allowing any outgoing connection with an external
> port of 80.  In short, please examine in detail the rules for your
> firewalls

Indeed. Inbound connections FROM port 80 should be rejected, and
immediately suspected. They are a good indicator of an attack.

John Hardin                                   <johnh at aproposretail.com>
Internal Systems Administrator                    voice: (425) 672-1304
Apropos Retail Management Systems, Inc.             fax: (425) 672-0192
 "To disable the Internet to save EMI and Disney is the moral
  equivalent of burning down the library of Alexandria to ensure the
  livelihood of monastic scribes."
                                    -- John Ippolito of the Guggenheim
 106 days until The Two Towers

More information about the list mailing list