[Dshield] How representative?

Chateauneuf dupape at bellatlantic.net
Tue Mar 25 14:57:14 GMT 2003

At 11:59 PM 3/24/2003 +0100, Henric Lindblad authored the following:
>Honestly I don't think the average DSL/Cable subscriber gets many actual
>"intrusion attempts"...
>They do get scanned a lot but most scans don't actually result in an
>intrusion attempt.
>If they do then that DSL/Cable subscriber is most likely running an
>"interesting" service. Such as Web server, SMTP, Proxy, FTP or SQL...
>Otherwise they will most likely be left alone.

I'm not so sure that I agree. FWIW, I think that the difference between a 
port scan and an intrusion attempt is the level of security.

My hypothesis is that a great many port scans are efforts to find potential 
open relays which can be used to send spam. In addition to relays I get 
quite a bit of activity on port 135. That is probably an attempt to send 
pop-up spam to MS Messenger.

I get a fair amount of unsolicited traffic. I have a static IP (DSL). No 
web server, my ISP blocks port 80, no FTP. I run a secure mail server.

