Re: Portscan detected from 192.168.100.100
From: anyone@istop.comDate: 01/10/02
- Previous message: Kasper Dupont: "Re: Practical advice on keeping / readonly"
- In reply to: Manfred Bartz: "Re: Portscan detected from 192.168.100.100"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: anyone@istop.com Date: Thu, 10 Jan 2002 11:22:46 -0500
Manfred Bartz wrote:
>
> "Michael (Cegonha)" <michael@cegonhatech.com> writes:
>
> > I use snort for IDS ans Today, i have been been scan from host
> > 192.168.100.100, but in my network, i don't use this ip :(
>
> 192.168.100.100 is commonly used as a management address for
> cable modems. It also has a simple webserver built into it,
> so you can get some statistics about your bandwidth usage etc
> if that feature is enabled.
>
> > I have block ip spoofing ...
>
> Good, but that only stops your system from giving an incorrect
> source address.
>
> When you say you have been scanned from that IP, what do you
> mean? What are the actual log entries?
>
> --
> Manfred
> ----------------------------------------------------------------
> NetfilterLogAnalyzer, NetCalc, whois at: <http://logi.cc/linux/>
192.168.xxx.xxx is it not "privet C IP address" that does not suppose to
be routed to the Internet?
It may be router miss configuration.
Irek
- Next message: irado furioso com tudo: "Re: Portscan detected from 192.168.100.100"
- Previous message: Kasper Dupont: "Re: Practical advice on keeping / readonly"
- In reply to: Manfred Bartz: "Re: Portscan detected from 192.168.100.100"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
