[Tfug] ids

Andre Lehovich tfug@tfug.org
Wed Sep 4 09:45:01 2002


On Tue, 3 Sep 2002, Ted Frohling wrote:
> Depends.  We don't count port scans as a general rule.  If we did,
> then it would probably be 64k.

I've got ipchains on my desktop set to block and log
suspicious traffic, e.g. anything unexpected coming from
off-campus.  Yesterday it recorded two attempts to talk to
FTP and one to HTTP; these are fairly typical numbers.  (I
usually see 3-10 per day).  These are probably malicious
probes.  Am I correct they're not included in your stats,
since the connection was never completed?

> By far, the biggest hits are folks sending large ICMP packets.

Would I ever see these at my workstation, or does the router
drop them on the floor?

--Andre