[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[cobalt-users] Portsentry & Hack Attempt
- Subject: [cobalt-users] Portsentry & Hack Attempt
- From: "Steve Buza" <steve@xxxxxxxxxxxxx>
- Date: Sun Mar 4 21:24:01 2001
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
Hi,
Sorry, this is a bit long, but what does the following log entry tell you?
nnn.nnn.nnn.nnn is of course the same IP address fo each of the entries in
the Portsentry log. Add to this that this IP address is actually one of
mine. It is in my dialup modem pool. And, I have a RADIUS log that shows a
specific user logging in on this IP address at 11:26:04 and logging out at
11:45:15.
What should I do about/with this information? Should I just disable the
account. Should I report it to someone, and if so, who?
Mar 3 11:26:44 SYN/Normal scan from host: nnn.nnn.nnn.nnn to TCP port: 1
Mar 3 11:26:44 SYN/Normal scan from host: nnn.nnn.nnn.nnn to TCP port: 11
Mar 3 11:26:44 SYN/Normal scan from host: nnn.nnn.nnn.nnn to TCP port: 1
Mar 3 11:26:44 SYN/Normal scan from host: nnn.nnn.nnn.nnn to TCP port: 15
Mar 3 11:26:45 SYN/Normal scan from host: nnn.nnn.nnn.nnn to TCP port: 11
Mar 3 11:26:45 SYN/Normal scan from host: nnn.nnn.nnn.nnn to TCP port: 1
Mar 3 11:26:45 SYN/Normal scan from host: nnn.nnn.nnn.nnn to TCP port: 15
Mar 3 11:26:45 SYN/Normal scan from host: nnn.nnn.nnn.nnn to TCP port: 11
Mar 3 11:26:45 SYN/Normal scan from host: nnn.nnn.nnn.nnn to TCP port: 1
Mar 3 11:26:46 SYN/Normal scan from host: nnn.nnn.nnn.nnn to TCP port: 15
Mar 3 11:26:46 SYN/Normal scan from host: nnn.nnn.nnn.nnn to TCP port: 11
Mar 3 11:26:46 SYN/Normal scan from host: nnn.nnn.nnn.nnn to TCP port: 15
Mar 3 11:26:48 SYN/Normal scan from host: nnn.nnn.nnn.nnn to TCP port: 79
Mar 3 11:26:49 SYN/Normal scan from host: nnn.nnn.nnn.nnn to TCP port: 79
Mar 3 11:26:49 SYN/Normal scan from host: nnn.nnn.nnn.nnn to TCP port: 79
Mar 3 11:26:50 SYN/Normal scan from host: nnn.nnn.nnn.nnn to TCP port: 111
Mar 3 11:26:50 SYN/Normal scan from host: nnn.nnn.nnn.nnn to TCP port: 79
Mar 3 11:26:50 SYN/Normal scan from host: nnn.nnn.nnn.nnn to TCP port: 111
Mar 3 11:26:51 SYN/Normal scan from host: nnn.nnn.nnn.nnn to TCP port: 119
Mar 3 11:26:51 SYN/Normal scan from host: nnn.nnn.nnn.nnn to TCP port: 111
Mar 3 11:26:51 SYN/Normal scan from host: nnn.nnn.nnn.nnn to TCP port: 119
Mar 3 11:26:53 SYN/Normal scan from host: nnn.nnn.nnn.nnn to TCP port: 111
Mar 3 11:26:53 SYN/Normal scan from host: nnn.nnn.nnn.nnn to TCP port: 119
Mar 3 11:26:53 SYN/Normal scan from host: nnn.nnn.nnn.nnn to TCP port: 143
Mar 3 11:26:53 SYN/Normal scan from host: nnn.nnn.nnn.nnn to TCP port: 119
Mar 3 11:26:53 SYN/Normal scan from host: nnn.nnn.nnn.nnn to TCP port: 143
Mar 3 11:26:54 SYN/Normal scan from host: nnn.nnn.nnn.nnn to TCP port: 143
Mar 3 11:26:54 SYN/Normal scan from host: nnn.nnn.nnn.nnn to TCP port: 143
Mar 3 11:27:15 SYN/Normal scan from host: nnn.nnn.nnn.nnn to TCP port: 540
Mar 3 11:27:15 SYN/Normal scan from host: nnn.nnn.nnn.nnn to TCP port: 540
Mar 3 11:27:15 SYN/Normal scan from host: nnn.nnn.nnn.nnn to TCP port: 540
Mar 3 11:27:16 SYN/Normal scan from host: nnn.nnn.nnn.nnn to TCP port: 540
Mar 3 11:27:20 SYN/Normal scan from host: nnn.nnn.nnn.nnn to TCP port: 635
Mar 3 11:27:20 SYN/Normal scan from host: nnn.nnn.nnn.nnn to TCP port: 635
Mar 3 11:27:21 SYN/Normal scan from host: nnn.nnn.nnn.nnn to TCP port: 635
Mar 3 11:27:22 SYN/Normal scan from host: nnn.nnn.nnn.nnn to TCP port: 635
Mar 3 11:27:45 SYN/Normal scan from host: nnn.nnn.nnn.nnn to TCP port: 1080
Mar 3 11:27:45 SYN/Normal scan from host: nnn.nnn.nnn.nnn to TCP port: 1080
Mar 3 11:27:46 SYN/Normal scan from host: nnn.nnn.nnn.nnn to TCP port: 1080
Mar 3 11:27:46 SYN/Normal scan from host: nnn.nnn.nnn.nnn to TCP port: 1080
Steve