On Saturday 20 April 2002 12:30, you wrote:
> I have a few questions:
> You didn't happen to capture any of the packets with tcpdump or ethereal
> or anything, did you?
No ...until I read this email, I had never used that utility. I still don't
know how to use it well.
> What kind of hardware/software is your router?
Linksys BEFSR81
These two ports are NOT opened in the NAT table.
> Are you running any sort of real firewall?
"Real"? Freebie Zone Alarm. No log entry on it for that day. Nmap shows port
139 open, all others closed. Zone Alarm agrees.
> Have you checked ZA's application database to see if anything is
> registered with it to use port 80? Also, what level of protection is it
> set for?
>
No
> I would seriously suggest changing your setup to block this sort of
> traffic. Before you do that though, I'd set up tcpdump to capture all
> incoming port 80 packets (maybe _all_ non-normal traffic if you have the
> space), so you can see what this person is doing with your machine. In
> any case, one of the basic rules of security is if you even _suspect_
> the box has been compromised, reinstall the OS and firewall it before
> you connect it to the network.
>
> -Ken
Yeah ... my wife is gonna LOVE that suggestion ... it's her machine. :-(
Bill
This archive was generated by hypermail 2.1.3 : Fri Aug 01 2014 - 20:22:04 EDT