Hi! While taking a routine look through the system log I found this (quite a few lines follow):

====================================================
/var/log/messages:
----------------------------------------------------
Nov 1 09:38:20 cactus identd[8123]: Connection from du-148-221-89-181.prodigy.net.mx
Nov 1 09:38:20 cactus identd[8123]: from: 148.221.89.181 ( du-148-221-89-181.prodigy.net.mx ) for: 143, 3780
Nov 1 09:38:23 cactus identd[8125]: Connection from du-148-221-89-181.prodigy.net.mx
Nov 1 09:38:23 cactus identd[8125]: from: 148.221.89.181 ( du-148-221-89-181.prodigy.net.mx ) for: 22, 3922
Nov 1 09:38:23 cactus sshd[8124]: Did not receive ident string from 148.221.89.181.
Nov 1 09:38:24 cactus identd[8127]: Connection from du-148-221-89-181.prodigy.net.mx
Nov 1 09:38:24 cactus identd[8127]: from: 148.221.89.181 ( du-148-221-89-181.prodigy.net.mx ) for: 80, 3926
Nov 1 09:38:26 cactus identd[8130]: Connection from du-148-221-89-181.prodigy.net.mx
Nov 1 09:38:26 cactus identd[8130]: from: 148.221.89.181 ( du-148-221-89-181.prodigy.net.mx ) for: 23, 3961
Nov 1 09:38:26 cactus telnetd[8128]: ttloop: read: Connection reset by peer
Nov 1 09:38:26 cactus identd[8131]: Connection from du-148-221-89-181.prodigy.net.mx
Nov 1 09:38:26 cactus identd[8131]: from: 148.221.89.181 ( du-148-221-89-181.prodigy.net.mx ) for: 21, 3966
Nov 1 09:38:27 cactus ftpd[8129]: lost connection to du-148-221-89-181.prodigy.net.mx [148.221.89.181]
Nov 1 09:38:27 cactus ftpd[8129]: FTP session closed
Nov 1 09:38:28 cactus identd[8132]: Connection from du-148-221-89-181.prodigy.net.mx
Nov 1 09:38:29 cactus identd[8132]: from: 148.221.89.181 ( du-148-221-89-181.prodigy.net.mx ) for: 6001, 4090
Nov 1 09:38:31 cactus rshd[8133]: Connection from 148.221.89.181 on illegal port
Nov 1 09:38:32 cactus identd[8135]: Connection from du-148-221-89-181.prodigy.net.mx
Nov 1 09:38:32 cactus identd[8135]: from: 148.221.89.181 ( du-148-221-89-181.prodigy.net.mx ) for: 514, 4237
Nov 1 09:38:33 cactus identd[8136]: Connection from du-148-221-89-181.prodigy.net.mx
Nov 1 09:38:33 cactus identd[8136]: from: 148.221.89.181 ( du-148-221-89-181.prodigy.net.mx ) for: 110, 4239
Nov 1 09:38:34 cactus identd[8137]: Connection from du-148-221-89-181.prodigy.net.mx
Nov 1 09:38:34 cactus identd[8137]: from: 148.221.89.181 ( du-148-221-89-181.prodigy.net.mx ) for: 5901, 4241
Nov 1 09:38:36 cactus identd[8138]: Connection from du-148-221-89-181.prodigy.net.mx
Nov 1 09:38:37 cactus identd[8139]: Connection from du-148-221-89-181.prodigy.net.mx
Nov 1 09:38:37 cactus identd[8139]: from: 148.221.89.181 ( du-148-221-89-181.prodigy.net.mx ) for: 113, 4371
Nov 1 09:38:40 cactus identd[8138]: from: 148.221.89.181 (du-148-221-89-181.prodigy.net.mx) EMPTY REQUEST
Nov 1 09:38:42 cactus identd[8141]: Connection from du-148-221-89-181.prodigy.net.mx
Nov 1 09:38:42 cactus identd[8141]: from: 148.221.89.181 ( du-148-221-89-181.prodigy.net.mx ) for: 25, 4471
Nov 1 09:38:44 cactus identd[8143]: Connection from du-148-221-89-181.prodigy.net.mx
Nov 1 09:38:44 cactus identd[8143]: from: 148.221.89.181 ( du-148-221-89-181.prodigy.net.mx ) for: 79, 4633
Nov 1 09:38:47 cactus identd[8144]: Connection from du-148-221-89-181.prodigy.net.mx
Nov 1 09:38:47 cactus identd[8144]: from: 148.221.89.181 ( du-148-221-89-181.prodigy.net.mx ) for: 53, 4801
Nov 1 09:38:49 cactus identd[8146]: Connection from du-148-221-89-181.prodigy.net.mx
Nov 1 09:38:49 cactus identd[8146]: from: 148.221.89.181 ( du-148-221-89-181.prodigy.net.mx ) for: 111, 4861
Nov 1 09:38:52 cactus identd[8148]: Connection from du-148-221-89-181.prodigy.net.mx
Nov 1 09:38:52 cactus identd[8148]: from: 148.221.89.181 ( du-148-221-89-181.prodigy.net.mx ) for: 109, 1063
Nov 1 09:38:54 cactus identd[8150]: Connection from du-148-221-89-181.prodigy.net.mx
Nov 1 09:38:54 cactus identd[8150]: from: 148.221.89.181 ( du-148-221-89-181.prodigy.net.mx ) for: 5801, 1121
Nov 1 09:38:56 cactus identd[8151]: Connection from du-148-221-89-181.prodigy.net.mx
Nov 1 09:38:56 cactus identd[8151]: from: 148.221.89.181 ( du-148-221-89-181.prodigy.net.mx ) for: 513, 1150
Nov 1 09:38:57 cactus rlogind[8149]: Connection from 148.221.89.181 on illegal port
Nov 1 09:38:57 cactus rlogind[8149]: PAM pam_end: NULL pam handle passed
Nov 1 09:39:35 cactus PAM_pwdb[8155]: check pass; user unknown
...
Nov 1 09:45:00 cactus ftpd[8254]: FTP LOGIN REFUSED (ftp in /etc/ftpusers) FROM du-148-221-89-181.prodigy.net.mx [148.221.89.181], anonymous
Nov 1 09:45:07 cactus ftpd[8254]: repeated login failures from du-148-221-89-181.prodigy.net.mx [148.221.89.181]
...
Nov 2 10:35:46 cactus telnetd[13489]: ttloop: peer died: Invalid or incomplete multibyte or wide character

==============================================
/var/log/secure
--------------------------------------------
Nov 1 09:38:19 cactus imapd[8122]: connect from 148.221.89.181
Nov 1 09:38:25 cactus in.telnetd[8128]: connect from 148.221.89.181
Nov 1 09:38:25 cactus in.ftpd[8129]: connect from 148.221.89.181
Nov 1 09:38:31 cactus in.rshd[8133]: connect from 148.221.89.181
Nov 1 09:38:31 cactus ipop3d[8134]: connect from 148.221.89.181
Nov 1 09:38:44 cactus in.fingerd[8142]: connect from 148.221.89.181
Nov 1 09:38:51 cactus ipop2d[8147]: connect from 148.221.89.181
Nov 1 09:38:53 cactus in.rlogind[8149]: connect from 148.221.89.181
...
Nov 1 09:44:53 cactus in.ftpd[8254]: connect from 148.221.89.181
-----------------------------

Apparently someone is trying to connect, attempting it in several ways. Could anyone advise me on what to do to prevent a port scan? Does this indicate that someone wants to hack my system? Does anyone know whether I can notify Prodigy of its customer's activities? I keep the programs that provide access to my system up to date, along with basic security measures. I would appreciate any advice you can give me.

--------------------------------------------------------------------------
Jorge Antonio González Fortuna
Instituto de Investigación en Comunicación Optica
Cordillera Karakorum 1470, Lomas 4a sección
78210 San Luis Potosí, SLP, México
--------------------------------------------------------------------------
ONE CLICK TO STAMP OUT TORTURE
http://www.stoptorture.org/
==========================================================================
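
Added example, not part of the original post: a Python script that groups identd request lines like those quoted above by source address and flags any source that asks about many distinct local service ports within a short window, which is the pattern visible in the log. It assumes the first number after "for:" is the port on the logging host (the RFC 1413 query order); find_sweeps, its thresholds and the 192.0.2.10 line are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Six identd lines copied from the post, plus one constructed line
# (192.0.2.10, a documentation address) standing in for an ordinary lookup.
SAMPLE = """\
Nov 1 09:38:20 cactus identd[8123]: from: 148.221.89.181 ( du-148-221-89-181.prodigy.net.mx ) for: 143, 3780
Nov 1 09:38:23 cactus identd[8125]: from: 148.221.89.181 ( du-148-221-89-181.prodigy.net.mx ) for: 22, 3922
Nov 1 09:38:24 cactus identd[8127]: from: 148.221.89.181 ( du-148-221-89-181.prodigy.net.mx ) for: 80, 3926
Nov 1 09:38:26 cactus identd[8130]: from: 148.221.89.181 ( du-148-221-89-181.prodigy.net.mx ) for: 23, 3961
Nov 1 09:38:26 cactus identd[8131]: from: 148.221.89.181 ( du-148-221-89-181.prodigy.net.mx ) for: 21, 3966
Nov 1 09:38:29 cactus identd[8132]: from: 148.221.89.181 ( du-148-221-89-181.prodigy.net.mx ) for: 6001, 4090
Nov 1 10:02:11 cactus identd[9001]: from: 192.0.2.10 ( mail.example.net ) for: 40112, 25
"""

# Assumption: the first number after "for:" is the port on the logging host.
IDENT_RE = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ identd\[\d+\]: "
    r"from: (\S+) \(.*?\) for: (\d+), \d+"
)

def find_sweeps(log_text, min_ports=5, window=timedelta(seconds=60), year=2000):
    """Map each source IP to the local ports it asked about, if it touched
    at least min_ports distinct ports inside one time window."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        m = IDENT_RE.match(line)
        if not m:
            continue  # not an identd request line (e.g. EMPTY REQUEST)
        # syslog omits the year; supply one so the timestamp parses cleanly
        when = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        events[m.group(2)].append((when, int(m.group(3))))
    sweeps = {}
    for src, seen in events.items():
        seen.sort()
        best = set()
        for i, (start, _) in enumerate(seen):
            ports = {p for t, p in seen[i:] if t - start <= window}
            if len(ports) > len(best):
                best = ports
        if len(best) >= min_ports:
            sweeps[src] = sorted(best)
    return sweeps

if __name__ == "__main__":
    for src, ports in find_sweeps(SAMPLE).items():
        print(f"{src}: {len(ports)} local ports queried within 60 s: {ports}")
```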