[Dshield] How representative?
dupape at bellatlantic.net
Tue Mar 25 14:57:14 GMT 2003
At 11:59 PM 3/24/2003 +0100, Henric Lindblad authored the following:
>Honestly I don't think the average DSL/Cable subscriber gets many actual
>They do get scanned a lot but most scans don't actually result in a
>If they do then that DSL/Cable subscriber is most likely running a
>"interesting" service. Such as Web server, SMTP, Proxy, FTP or SQL...
>Otherwise they will most likely be left alone.
I'm not so sure that I agree. FWIW, I think that the difference between a
port scan and an intrusion attempt is the level of security.
My hypothesis is that a great many port scans are efforts to find potential
open relays which can be used to send spam. In addition to relays I get
quite a bit of activity on port 135. That is probably an attempt to send
pop-up spam to MS Messenger.
I get a fair amount of unsolicited traffic. I have a static IP (DSL). No
web server, my ISP blocks port 80, no FTP. I run a secure mail server.
More information about the list