Re: scans
From: Alessandro Selli (spammami_at_libero.it)
Date: 06/18/03
Date: 18 Jun 2003 18:21:17 GMT
On the auspicious day of Wed, 18 Jun 2003 13:30:10 GMT, the valiant _g bell_,
present at the court of _comp.os.linux.security_,
thus dared to pronounce:
| Good Morning
|
| I'm receiving scans from a certain ip range almost daily, here are
| relevant logs
|
| Jun 16 15:58:33 cpe0004758dbf50-cm024480006068 kernel: IN=eth0 OUT=
| MAC=00:04:75:8d:bf:50:00:00:77:94:69:dc:08:00 SRC=38.117.132.102
| DST=65.50.51.104 LEN=40 TOS=0x00 PREC=0x00 TTL=116 ID=54115 DF PROTO=TCP
| SPT=80 DPT=1206 WINDOW=0 RES=0x00 RST URGP=0
Were you (or someone else from your network) navigating when this happened?
My guess is that the connection started from your side and that some load
balancer in the contacted server (that could be some advertisement web server
serving some content in the page that was being loaded) tried to open another
connection into your machine that would go through some other interface it
found less busy than the one that received your connection. This would
explain the source port being a low-numbered one (80) and the destination
port being a high one (1206).
Sandro
-- "In a world without walls and fences you would not need windows and gates." (Confucius)
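
The port-number reasoning in the reply above can be applied mechanically when triaging firewall logs. The following is an added example, not part of the original post: it parses netfilter LOG lines and separates packets that look like server replies (low source port, high destination port, not a bare SYN) from new inbound connection attempts. The 1024 port boundary, the function names and the second sample line are assumptions of this example.

```python
# Constructed sample: the first entry is the log line quoted in the post,
# joined onto one line; the second is a constructed SYN probe for contrast.
SAMPLE = [
    "Jun 16 15:58:33 cpe0004758dbf50-cm024480006068 kernel: IN=eth0 OUT= "
    "MAC=00:04:75:8d:bf:50:00:00:77:94:69:dc:08:00 SRC=38.117.132.102 "
    "DST=65.50.51.104 LEN=40 TOS=0x00 PREC=0x00 TTL=116 ID=54115 DF PROTO=TCP "
    "SPT=80 DPT=1206 WINDOW=0 RES=0x00 RST URGP=0",
    "Jun 16 16:02:10 host kernel: IN=eth0 OUT= SRC=192.0.2.7 DST=198.51.100.9 "
    "LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=4242 DF PROTO=TCP "
    "SPT=40112 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0",
]

TCP_FLAGS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG"}
WELL_KNOWN_MAX = 1024  # assumption: ports below this are treated as service ports


def parse(line):
    """Split a netfilter LOG line into KEY=VALUE fields and a set of TCP flags."""
    body = line.split("kernel:", 1)[-1]
    fields, flags = {}, set()
    for tok in body.split():
        if "=" in tok:
            key, _, val = tok.partition("=")
            fields[key] = val          # empty values such as "OUT=" are kept as ""
        elif tok in TCP_FLAGS:
            flags.add(tok)             # bare tokens like DF are ignored
    return fields, flags


def classify(line):
    """Label a logged packet by direction-of-conversation heuristics."""
    fields, flags = parse(line)
    if fields.get("PROTO") != "TCP":
        return "not-tcp"
    spt, dpt = int(fields["SPT"]), int(fields["DPT"])
    if flags == {"SYN"}:
        # A bare SYN opens a new connection toward the logging host.
        return "inbound-connection-attempt"
    if spt < WELL_KNOWN_MAX and dpt >= WELL_KNOWN_MAX:
        # Service port talking to a high client port: part of a conversation
        # that a client on the logging side most likely started.
        return "reply-like"
    return "other"


if __name__ == "__main__":
    for entry in SAMPLE:
        f, _ = parse(entry)
        print(f["SRC"], f["SPT"], "->", f["DPT"], classify(entry))
```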