Re: [exim] Use of P0f

Author: Dave Evans
Date:  
To: exim-users
Subject: Re: [exim] Use of P0f
On Thu, May 14, 2009 at 02:35:45PM +0800, W B Hacker wrote:
> But p0f has turned up something I had not expected - port 25 entirely aside,
> nearly 80% of the break-in attempts are coming off Linux boxen and mostly to
> port 22, very few from WinBoxen - on any port.
>
> Looks to me as if Linux has indeed won 'market share' - but not where we might
> have most wished it to have appeared....


Makes sense - box A attacking box B via ssh probably means that box A has
already been compromised by that same attack vector. i.e. attack vectors
tell you more about the attacker than the would-be victim.

--
Dave Evans
http://djce.org.uk/
http://djce.org.uk/pgpkey