Linode Forum :: Portscans & other malicious activity

So I'm running snort on my Debian Linode (version 1.8.4-beta1 (Build 91)), and I'm seeing plenty of ICMP ping activity in the alert log, but I'm not seeing anything in the portscan log, or any other attack attempts in the syslog. This has been the case for over a week now. When I ran snort on my DSL connection, I was getting scanned or attacked every few minutes. Does anyone know if this malicious activity is being filtered somewhere upstream, or have any other data points to compare and contrast against?

-"Zow"

Author:	zow [ Tue Oct 14, 2003 11:29 am ]
Post subject:	Portscans & other malicious activity
So I'm running snort on my Debian Linode (version 1.8.4-beta1 (Build 91)), and I'm seeing plenty of ICMP ping activity in the alert log, but I'm not seeing anything in the portscan log, or any other attack attempts in the syslog. This has been the case for over a week now. When I ran snort on my DSL connection, I was getting scanned or attacked every few minutes. Does anyone know if this malicious activity is being filtered somewhere upstream, or have any other data points to compare and contrast against? -"Zow"

Author:	caker [ Thu Oct 16, 2003 6:50 pm ]
Post subject:
Well .. besides the port filtering that ThePlanet does, I would suspect that script kiddies know they are more likely to find vulnerable machines from cable and DSL providers, rather than locked-down boxes at datacenters. But, that's not to say that having a r00ted box on a high speed network isn't attractive... -Chris

Author:	Ashen [ Wed Nov 19, 2003 10:58 am ]
Post subject:
If a linode did get rooted, (theoretically, I hope this would never happen!) what would be done? Would it simply be terminated until it's owner came back, rebooted and secured it? -Ashen

Author:	Ashen [ Wed Nov 19, 2003 11:10 am ]
Post subject:
If a linode did get rooted, (theoretically, I hope this would never happen!) what would be done? Would it simply be terminated until it's owner came back, rebooted and secured it? -Ashen

Author:	unixfool [ Sun Mar 12, 2006 12:33 pm ]
Post subject:	Re: Portscans & other malicious activity
zow wrote: So I'm running snort on my Debian Linode (version 1.8.4-beta1 (Build 91)), and I'm seeing plenty of ICMP ping activity in the alert log, but I'm not seeing anything in the portscan log, or any other attack attempts in the syslog. This has been the case for over a week now. When I ran snort on my DSL connection, I was getting scanned or attacked every few minutes. Does anyone know if this malicious activity is being filtered somewhere upstream, or have any other data points to compare and contrast against? -"Zow" I've the feeling it's getting filtered downstream. I'm wondering if you bought an interface for your linode that you dedicate to Snort. I'm about to give Snort a try on my linode but have been wondering about resource issues (I'm NOT going to use ACID or have it report to a MySQL DB) and the best overall deployment of Snort.

Linode Forum https://forum.linode.com/

Portscans & other malicious activity https://forum.linode.com/viewtopic.php?f=19&t=384	Page 1 of 1

Page 1 of 1	All times are UTC-04:00
Powered by phpBB® Forum Software © phpBB Group http://www.phpbb.com/