Re: Port Scans and Prelude
From: Shawn Belcourt (shawn_belcourt@wssl.com)
Date: 02/25/03
- Next message: dmz17: "199.239.138.66 who the H... is it?"
- Previous message: Shawn Belcourt: "Re: Port Scans and Prelude"
- In reply to: Wojtek Walczak: "Re: Port Scans and Prelude"
- Next in thread: Shawn Belcourt: "Re: Port Scans and Prelude"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Shawn Belcourt" <shawn_belcourt@wssl.com> Date: Tue, 25 Feb 2003 18:04:58 GMT
You are right about mentioning that.
"Wojtek Walczak" <gminick@hacker.pl> wrote in message
news:b3g09k$n5c$1@atlantis.news.tpi.pl...
> Dnia Tue, 25 Feb 2003 14:29:05 GMT, Shawn Belcourt napisał(a):
> > I recently installed the Linux MNF firewall.
> ...and you're crossposting to inform everybody.
>
> > logs is udp scan attacks from my own ISP.
> Scan is not an attack.
>
> > When I asked the ISP to explain. They stated it was thier dhcp server
> > trying to see if the server was still alive.
> Strange. I thought dhcp uses ports 67 and 68 (of course there's a
> possibility to change them).
>
> > I have never heard of DHCP using port scans to see if a server is alive
> > before.
> What's your definition of scanning ?
Enumerating ports 1112-111119
Quick Description Scanning attack
Date Tue Feb 25 08:10:55 2003
Kind Should be ok
Received 1 time
Message Udp scanning attempt: 39 cnx from port 1112 to 11119 in 13
seconds
>
> --
> [ ] gminick (at) underground.org.pl http://gminick.linuxsecurity.pl/ [ ]
> [ "Po prostu lubie poranna samotnosc, bo wtedy kawa smakuje najlepiej." ]
- Next message: dmz17: "199.239.138.66 who the H... is it?"
- Previous message: Shawn Belcourt: "Re: Port Scans and Prelude"
- In reply to: Wojtek Walczak: "Re: Port Scans and Prelude"
- Next in thread: Shawn Belcourt: "Re: Port Scans and Prelude"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
