Re: Aborted TCP scans
From: Wojtek Walczak (gminick@hacker.pl)
Date: 12/14/02
- Next message: Wojtek Walczak: "Re: CONNECT in apache log"
- Previous message: Wojtek Walczak: "Re: ip-network"
- In reply to: Richard Edwards: "Aborted TCP scans"
- Next in thread: Richard Edwards: "Re: Aborted TCP scans"
- Reply: Richard Edwards: "Re: Aborted TCP scans"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: Wojtek Walczak <gminick@hacker.pl> Date: Sat, 14 Dec 2002 14:57:52 +0000 (UTC)
Dnia Sat, 14 Dec 2002 14:44:36 GMT, Richard Edwards napisał(a):
> My message log shows aborted scans along with dropped and rejected entries
> from my firewall. I'm running iptables configured via Guarddog. Guarddog is
> saying the aborted messages are from aborted TCP scans (half open
> scans) but does not make it clear if they are a problem that need to
> be looked into.
It's very, very hard to say anything without looking at logs and
configuration of your system.
> here in the U.S. doesn't seem to be a pattern. Should I be concerned or
> just turn off this type of logging?, any advise would be appreciated.
Well, if you know your configuration, you can forget about 95% of
these packets and firewall complainments, but there's always a chance
that something malicious is going on... ;]
-- [ ] gminick (at) underground.org.pl http://gminick.linuxsecurity.pl/ [ ] [ "Po prostu lubie poranna samotnosc, bo wtedy kawa smakuje najlepiej." ]
- Next message: Wojtek Walczak: "Re: CONNECT in apache log"
- Previous message: Wojtek Walczak: "Re: ip-network"
- In reply to: Richard Edwards: "Aborted TCP scans"
- Next in thread: Richard Edwards: "Re: Aborted TCP scans"
- Reply: Richard Edwards: "Re: Aborted TCP scans"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
