comp.security.firewalls archive

Re: What is this?

From: Anders <andersajja@hotmail.com>
Date: Mon Sep 26 2005 - 13:25:40 CEST

Moe Trin wrote:
> In the Usenet newsgroup comp.security.firewalls, in article
> <OmvZe.34671$d5.189956@newsb.telia.net>, Anders wrote:
>
>
> You can use the built-in filtering terms in tcpdump to narrow that down
> a lot. For example 'tcpdump -n udp and not port 53' should only give you
> UDP traffic in either direction, but not DNS lookups. The -n is also to
> avoid adding even more traffic (DNS lookups to identify traffic by hostname).
>
I have run the -n option now, both when I was checking my mail on my ISP
and my account on hotmail, I also did some reading on some newspapers,
and I can say that there is, as far as I know, no UDP traffic on my LAN
side, but on the WAN side there's a different story.
>
> Normally, I don't look very close at the perimeter firewall. It blocks this
> and that, and that is all I care to know. I'm really not interested in knowing
> that some host in Korea or Kenya tried to connect to a windoze trojan that I
> don't have installed - mainly because I don't have windoze on any system. They
> did not connect - and that is all that matters.
>
> Old guy
>
Well I do make use of XP from time to time but mostly for
printing/scanning and recording my old LPs, so I don't let it connect to
the internet any more, and some time in the future I will get rid of it
once and for all.

By the way I did find this in my firewall log today; it is from China
and I blocked them a long time ago, but it is a little interesting to
see that they do make use of ICMP to see if I'm really on the net.

Date: 09/26 09:10:08 Name: ICMP PING NMAP
Priority: 2 Type: Attempted Information Leak
IP-info: 219.134.72.108:n/a -> my IP :n/a
References: none SID: 469

09:10:17 INPUT eth1 TCP 219.134.72.108 2465 my IP 25(SMTP)
09:10:11 INPUT eth1 TCP 219.134.72.108 2465 my IP 25(SMTP)
09:10:08 INPUT eth1 TCP 219.134.72.108 2465 my IP 25(SMTP)

Anders
Received on Thu Sep 29 20:10:58 2005
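The log excerpt above shows the pattern worth automating: an ICMP recon alert from a source, followed a few seconds later by TCP connection attempts from the same source. The script below is an added example, not code from the thread or from any of its posters. It parses the Snort-style alert block and the firewall INPUT lines in the format shown in the post, then flags sources whose recon ping was followed within a short window by a connection attempt. Assumptions: "my IP" is replaced by the documentation address 192.0.2.10, the year is taken to be 2005 because the firewall lines carry only a time of day, Snort SID 469 ("ICMP PING NMAP") is treated as the recon marker, the correlation window is 60 seconds, and two extra sources (203.0.113.9, which only pings, and 198.51.100.7, which only connects) are constructed to show what is not flagged.

```python
"""Correlate an ICMP recon alert with follow-up connection attempts from
the same source.  Added example; not from the original thread."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: the post's alert and three firewall lines (with
# "my IP" replaced by 192.0.2.10), plus one source that only pings and
# one source that only connects, to show they are not flagged.
SAMPLE_LOG = """\
Date: 09/26 09:10:08 Name: ICMP PING NMAP
Priority: 2 Type: Attempted Information Leak
IP-info: 219.134.72.108:n/a -> 192.0.2.10:n/a
References: none SID: 469

09:10:17 INPUT eth1 TCP 219.134.72.108 2465 192.0.2.10 25(SMTP)
09:10:11 INPUT eth1 TCP 219.134.72.108 2465 192.0.2.10 25(SMTP)
09:10:08 INPUT eth1 TCP 219.134.72.108 2465 192.0.2.10 25(SMTP)

Date: 09/26 09:12:30 Name: ICMP PING NMAP
Priority: 2 Type: Attempted Information Leak
IP-info: 203.0.113.9:n/a -> 192.0.2.10:n/a
References: none SID: 469

09:15:02 INPUT eth1 TCP 198.51.100.7 41022 192.0.2.10 22(SSH)
"""

ALERT_HEAD = re.compile(r"^Date:\s*(\d\d/\d\d)\s+(\d\d:\d\d:\d\d)\s+Name:\s*(.+?)\s*$")
ALERT_IP = re.compile(r"^IP-info:\s*([\d.]+):\S+\s*->\s*([\d.]+):\S+")
ALERT_SID = re.compile(r"\bSID:\s*(\d+)")
# time  INPUT  iface  proto  src  sport  dst  dport(service)
FW_LINE = re.compile(
    r"^(\d\d:\d\d:\d\d)\s+INPUT\s+\S+\s+(TCP|UDP)\s+([\d.]+)\s+\d+\s+[\d.]+\s+(\d+)")

YEAR = 2005                 # assumed: the firewall lines carry no date
RECON_SIDS = {469}          # Snort "ICMP PING NMAP"
WINDOW = timedelta(seconds=60)


def _ts(mmdd, hms):
    return datetime.strptime(f"{YEAR}/{mmdd} {hms}", "%Y/%m/%d %H:%M:%S")


def parse_events(text, log_date):
    """Return (recon, probes).  recon: src -> [alert times];
    probes: src -> [(time, proto, dport)].  log_date ("MM/DD") is the
    day the firewall lines belong to; alert blocks carry their own date."""
    recon, probes = defaultdict(list), defaultdict(list)
    alert = None                      # alert block being assembled
    for line in text.splitlines():
        m = ALERT_HEAD.match(line)
        if m:
            alert = {"time": _ts(m.group(1), m.group(2)), "name": m.group(3)}
            continue
        m = ALERT_IP.match(line)
        if m and alert is not None:
            alert["src"] = m.group(1)
            continue
        m = ALERT_SID.search(line)
        if m and alert is not None:
            if int(m.group(1)) in RECON_SIDS and "src" in alert:
                recon[alert["src"]].append(alert["time"])
            alert = None              # SID line closes the block
            continue
        m = FW_LINE.match(line)
        if m:
            probes[m.group(3)].append(
                (_ts(log_date, m.group(1)), m.group(2), int(m.group(4))))
    return recon, probes


def correlate(recon, probes, window=WINDOW):
    """Sources whose recon ping was followed within `window` by at least
    one connection attempt.  Returns src -> probes sorted by time (the
    post's log lists newest first, so sorting matters)."""
    hits = {}
    for src, ping_times in recon.items():
        followups = sorted(
            p for p in probes.get(src, [])
            if any(timedelta(0) <= p[0] - t <= window for t in ping_times))
        if followups:
            hits[src] = followups
    return hits


def report(text, log_date="09/26"):
    recon, probes = parse_events(text, log_date)
    return correlate(recon, probes)


if __name__ == "__main__":
    for src, followups in report(SAMPLE_LOG).items():
        ports = sorted({f"{proto}/{port}" for _, proto, port in followups})
        print(f"{src}: ICMP recon followed by {len(followups)} probe(s) on "
              + ", ".join(ports))
```

Run against the sample, only 219.134.72.108 is reported, with three TCP/25 attempts between 09:10:08 and 09:10:17. A ping with no follow-up, or a connection with no preceding ping, stays out of the report, which keeps the noise from ordinary internet background radiation down while still surfacing the ping-then-probe sequence the post describes.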