Darren R. Weber wrote:
On Sun, 26 Dec 1999, you wrote:
what about messages like:
linux in.telnetd[4813] connect from 12.77.192.88
followed by peer died, invalid character
or
in.ftpd[8915] connect from 209.173.192.62
are these people connecting to my box?
Daniel Woodard
I would say yes, someone is trying to connect to your computer. I would also hope that after that it says something about "connection refused . . .etc." If it doesn't, chances are that they did connect to your computer. If they connected then you have to worry about whether or not they can get in. I would say you should look into setting up a firewall or at least turning off some services you don't need if this is happening a lot. You can also configure IPs that you want to allow to connect to certain services and block others.
Ipchains is part of the solution. Set up TCP wrappers to not allow connections to your computer. See also http://www.georgetoft.com/security and http://www.georgetoft.com/network. I have a script that scans the logs for refused connections and e-mails the results to me each day. This refused report is sorted by offending IP address, which allows me to easily see scans that take place during log rotation.
Personally I don't worry about it much when I get scanned because there is nothing on my computer to get to, but as I put a lot of work into setting this up I watch the logs and still take the time to report people who try. Keep an eye on your log files and watch for repeated attempts. Every now and then I get what I would call a random message but if I see several then I start taking notes and doing whois searches etc. You might also consider running root-tail so you can see it when it happens too.
I do. You should, too. Even if you have nothing important, an attacker can gain access to your computer, then use it as a jumping off point for attacks against someone else. Guess where the trail leads? Your house. I complained to a company that attacked my firewall. It wasn't the company, but some crackers that had compromised an old, insecure Red Hat install. The admin never secured the machine, so it was wide open. Their ISP received several hundred complaints about the attacks. Considering the rapid transition of the U.S. into an Information Police State, where the Feds can seize your property if you are suspected of drug- or computer-related crimes and you don't get it back, even if you are never charged with a crime, I would take every precaution to make sure I am the only one using my computer. The concept of "due process" does not exist anymore when it comes to drugs and computers. I'll research the exact laws and post a URL later - if there is interest. I've read them, they exist.
--
George Toft
http://www.georgetoft.com
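A sketch of the kind of daily refused-connection report described in the thread, added here as an example; it is not George Toft's script or code from any poster. It assumes the TCP wrappers syslog wording ("connect from" / "refused connect from"); the sample log lines, addresses and function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample syslog lines (documentation addresses, not from the thread).
SAMPLE_LOG = """\
Dec 26 03:12:01 linux in.telnetd[4813]: connect from 192.0.2.88
Dec 26 03:12:09 linux in.ftpd[8915]: refused connect from 198.51.100.7
Dec 26 03:12:11 linux in.telnetd[8916]: refused connect from 198.51.100.7
Dec 26 04:40:30 linux in.ftpd[8920]: refused connect from 203.0.113.5
Dec 26 04:41:02 linux kernel: eth0: link up
Dec 26 05:00:00 linux in.fingerd[8931]: refused connect from 198.51.100.7
"""

# timestamp, host, service[pid], optional "refused ", then the client address.
# The colon after [pid] is optional because some log views drop it.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s+\S+\s+"
    r"(?P<svc>[\w.\-]+)\[\d+\]:?\s+"
    r"(?P<refused>refused )?connect from (?P<src>\S+)"
)

def parse_events(text):
    """Yield (timestamp, service, source, refused) for each wrapper line."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield m["ts"], m["svc"], m["src"], bool(m["refused"])

def refused_report(text):
    """Group refused connections by source, most active source first."""
    by_src = defaultdict(list)
    for ts, svc, src, refused in parse_events(text):
        if refused:
            by_src[src].append((ts, svc))
    return sorted(by_src.items(), key=lambda kv: (-len(kv[1]), kv[0]))

def accepted_connections(text):
    """Connections the wrapper let through; these need a closer look."""
    return [(ts, svc, src) for ts, svc, src, refused in parse_events(text)
            if not refused]

if __name__ == "__main__":
    for src, hits in refused_report(SAMPLE_LOG):
        services = ", ".join(sorted({svc for _, svc in hits}))
        print(f"{src}: {len(hits)} refused ({services}), first {hits[0][0]}")
    for ts, svc, src in accepted_connections(SAMPLE_LOG):
        print(f"ACCEPTED {ts} {svc} from {src}")
```

Grouping by source makes one address probing several services stand out, and the accepted list covers the case raised in the thread where no refusal follows the "connect from" line.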