Monday, May 18, 2009

My IDS has some Interesting reports.. got attacks from a security blog server

In the LUC course, we wrote an IDS program in Perl. After setting up my own server, I put my IDS there and added some simple features. Whenever there is a possible attack, no matter if it's a brute force or a port scan, I will block the source IP and also port scan back with "nmap -A -PN", then output the result in my Apache directory. It's been running for a while, and my IDS has collected quite a lot of interesting reports.

As far as I know, the source IP can be a hacked machine or from a network. Although I may not be able to track down the attacker, I would like to see where it's from. One of the sources has an entry that mentions a site called "", its blog talks about IT security or.. IPSec... I'm thinking, how could it end up attacking my server? haha...

The entry:

106/tcp open pop3pw Poppassd 1.8.5 (

Anyway, if you're interested, you can see all the nmap results here.. And have some mercy.. don't hack my server.. ;-)

