Is this some type of scan
From: Aaron Lewis (aaron_at_webspundesigns.com)
Date: 08/04/04
- Previous message: John Hewitt: "Re: Anyone else seeing SSH scans?"
- Next in thread: Frank Knobbe: "Re: Is this some type of scan"
- Reply: Frank Knobbe: "Re: Is this some type of scan"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: <incidents@securityfocus.com> Date: Wed, 4 Aug 2004 10:45:39 -0400
I don't think this is right but I don't know what to make of it. One of my
ACL's denies this 4 - 6 times a day an hour apart for 4 or so hours then it
stops until the next day.
Aug 4 10:17:54 myhostname 3272392: Aug 4 10:17:53.949 EST:
%SEC-6-IPACCESSLOGP: list inboundACLname denied tcp 127.0.0.1(80)
(Ethernet0/1 000b.bf55.4c70) -> my.public.ip.x(1515), 1 packet
Aug 4 10:18:10 myhostname 3272394: Aug 4 10:18:10.621 EST:
%SEC-6-IPACCESSLOGP: list inboundACLname denied tcp 127.0.0.1(80)
(Ethernet0/1 000b.bf55.4c70) -> my.public.ip.x(1011), 1 packet
In other words I'll see 2 entries like these at 10:17 and then I'll see
another pair around 11:17 and that will go on for 4 - 6 hours then quit
until the next day.
Any info on this?
Aaron D. Lewis
- Previous message: John Hewitt: "Re: Anyone else seeing SSH scans?"
- Next in thread: Frank Knobbe: "Re: Is this some type of scan"
- Reply: Frank Knobbe: "Re: Is this some type of scan"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
