[SpamCop-List] Re: news.spamcop triggered Firewall
MikeE at ster.invalid
Wed Feb 25 15:53:28 EST 2004
Doug Thegarden wrote:
> Can anyone shed any light on this intrusion alert from my Norton
-1- You are going to look awfully silly if you start asking around here
or elsewhere about every little bent packet that gets recorded in your
firewall logs - it's called 'goober [or idiot] with firewall'
-2- It is worthwhile to become educated about general internet traffic,
noise, hackers, and firewall forensics; but you should do it by
'pounding the books' or websites and spending your time in the
'trenches' - not by newsgroup asking about puzzling little firewall
entries http://www.robertgraham.com/pubs/firewall-seen.html FAQ:
Firewall Forensics (What am I seeing?)
-3- You would be much better off if you configured a log client to feed
your logs to someplace like DShield and MyNetWatchman than fretting and
puzzling over them - an organized and 'knowledgeable' system can do much
more than you can about putting true intrusions into proper perspective
and even notifying about them and ignoring the rest
-4- That's probably a 'misplaced' or 'misguided' news packet that got
> Source IP address: news.spamcop.net(220.127.116.11).
> TCP Source Port: nntp(119).
> TCP Header Flags: 0x00000039. Invalid.
More information about the SpamCop-List