Dnia Fri, 14 Sep 2001 15:49:34 -0600, D. Stimits napisa3(a):
Quote:>Over the last month or so I've seen more attempts to access port 6346
>tcp, and haven't found any attack data on why this port. The main
>offender comes back day after day, even though I'm on a dynamic ip (the
>entire /16 is completely blocked, it must be a methodical scan). What is
>port 6346 as far as possible attacks?
i can't help you here, because i have no idea how to explain
these attepts (have you tried catch packets with eg. snort ?),
but...
Quote:>The offending attackers are almost all from a .pl address. The main
>offender is:
>212.244.204.161
>name = bgz-161-cisco.man.polbox.pl
.pl is Poland, my native country ;)
good job, try to report probes to them (with logs etc.),
they should frighten attacker and he should stop his actions
(admins on polish news groups says it almost always works).
hth...
--
[ Wojtek gminick Walczak ][ http://hacker.pl/gminick/ ]
[ gminick (at) hacker.pl ][ ]gminick (at) interia.pl[ ]