Upswing in port 23/TCP scanning

Published: 2010-06-01
Last Updated: 2011-01-30 04:33:06 UTC
by Adrien de Beaupre (Version: 1)
0 comment(s)

Reader Tom wrote in that he has noticed an upswing of scanning for port 23/TCP to a honeypot system. They are completing the 3 way handshake, then sending a FIN to shut it down. Dshield data confirms that others are seeing the same. Dshield port 23 graph Let us know if you are seeing anything interesting at our contact us page.

Cheers,
Adrien de Beaupré
Intru-shun.ca Inc.

Keywords:
0 comment(s)

SPF how useful is it?

Published: 2010-06-01
Last Updated: 2010-06-01 00:15:11 UTC
by Mark Hofman (Version: 1)
15 comment(s)

Chris wrote in and mentioned a talk at Auscert which highlighted that (Sender Policy Framework) SPF would have helped in the instance of an intrusion and suggested a diary outlining some of the things that can and can't be achieved using SPF.  I have my own experiences with SPF and the effectiveness, but I'd like to hear you experiences with SPF, good or bad. so I can write a more complete diary on the topic.  

For those that are not familiar with SPF.  The idea behind it is to create a DNS entry that specifies those machines in your network that are allowed to send email from your domain.  The receiving mail server checks this record and if it does not match it will drop the message.  There is a little bit more to it, but hat is the crux of it.   So if you have had any experiences with SPF (good or bad) please let me know via the contact form or directly markh.isc at gmail.com.

Thanks Chris for the idea and thanks in advance for your contributions.  I'm aiming to get a diary out on this later this month. 

Cheers

Mark H 

 

15 comment(s)

Comments

cwqwqwq
eweew<a href="https://www.seocheckin.com/edu-sites-list/">mashood</a>
WQwqwqwq[url=https://www.seocheckin.com/edu-sites-list/]mashood[/url]
dwqqqwqwq mashood
[https://isc.sans.edu/diary.html](https://isc.sans.edu/diary.html)
[https://isc.sans.edu/diary.html | https://isc.sans.edu/diary.html]
What's this all about ..?
password reveal .
<a hreaf="https://technolytical.com/">the social network</a> is described as follows because they respect your privacy and keep your data secure:

<a hreaf="https://technolytical.com/">the social network</a> is described as follows because they respect your privacy and keep your data secure. The social networks are not interested in collecting data about you. They don't care about what you're doing, or what you like. They don't want to know who you talk to, or where you go.

<a hreaf="https://technolytical.com/">the social network</a> is not interested in collecting data about you. They don't care about what you're doing, or what you like. They don't want to know who you talk to, or where you go. The social networks only collect the minimum amount of information required for the service that they provide. Your personal information is kept private, and is never shared with other companies without your permission
https://thehomestore.com.pk/

Diary Archives