Re: Port Scans and Prelude

From: Ali-Reza Anghaie (ali@packetknife.com)
Date: 02/25/03


From: Ali-Reza Anghaie <ali@packetknife.com>
Date: Tue, 25 Feb 2003 17:38:52 -0500

Shawn Belcourt wrote:
> I recently installed the Linux MNF firewall. Its been great in the way it
> works. One of the things that I have come accross lately in the prelude
> logs is udp scan attacks from my own ISP. udp ports ranging from 1101 to
> 11136

Which system from your ISP? Are you sure it's not their DNS servers
responding?

Use Ethereal or another packet analyzer to examine the content.

Cheers, -Ali

-- 
OpenPGP Key: 030E44E6
--
Was I helpful?:  http://svcs.affero.net/rm.php?r=packetknife
--
To alcohol! The cause of - and solution to - all of life's problems!
-- Homer Simpson


Relevant Pages

  • Re: Port Scans and Prelude
    ... Shawn Belcourt wrote: ... > I recently installed the Linux MNF firewall. ... udp ports ranging from 1101 to ... Which system from your ISP? ...
    (comp.security.firewalls)
  • Re: Port Scans and Prelude
    ... Shawn Belcourt wrote: ... > I recently installed the Linux MNF firewall. ... udp ports ranging from 1101 to ... Which system from your ISP? ...
    (comp.os.linux.security)
  • Re: Port Scans and Prelude
    ... >>I recently installed the Linux MNF firewall. ... >>logs is udp scan attacks from my own ISP. ... udp ports ranging from 1101 to ... Are you sure it's not their DNS servers ...
    (comp.os.linux.security)
  • Re: Port Scans and Prelude
    ... >>I recently installed the Linux MNF firewall. ... >>logs is udp scan attacks from my own ISP. ... udp ports ranging from 1101 to ... Are you sure it's not their DNS servers ...
    (comp.security.firewalls)
  • Re: Port Scans and Prelude
    ... >>I recently installed the Linux MNF firewall. ... >>logs is udp scan attacks from my own ISP. ... udp ports ranging from 1101 to ... Are you sure it's not their DNS servers ...
    (alt.computer.security)