[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[cobalt-users] Port Scan Report
- Subject: [cobalt-users] Port Scan Report
- From: "John D. Gorena" <Support@xxxxxxxxxxxxxxxxxxx>
- Date: Fri Dec 13 23:15:01 2002
- Organization: http://www.JMG-Enterprises.com
- List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>
Please Excuse the caps. I want you to be able to see what I write and what the reports say. I have
a Raq550.
I NEED TO KNOW IF OTHER RAQ550 USERS GET THESE MESSAGES TOO. I HAVE THE SYSTEM SET TO SEND ME
E-MAIL VIS THE GUI. MY MAIN CONCERN IS AM I GETTING HACKED?
I HAVE BEEN GETTING A REPORT THAT SAYS THE FOLLOWING. AS I READ THE REPORT I THINK IT SAYS THAT MY
RAQ IS SCANNING OUT? HERE ONE E-MAIL. I GET ABOUT 2 A DAY.
This alert notification is to inform you of network activity occurring on your host.
Timestamp: Wed 11 Dec 2002 05:07:16 PM CST
Alert Type: Port Scan Detected
Interface: eth0
Protocol: tcp
Packet Size (bytes): 40
Source Address: 65.169.119.101
Source port: 27374
Direction: outbound
Destination Address: 211.38.179.115
Destination Port: 4101
Log Entry: eth0:portscan: tcp 65.169.119.101/27374 -> 211.38.179.115/4101 40 rst (16)
FROM THE GUI I LOOK AT THE SCAN DETECTION LOG AND IT SHOWS:
12/12/02-03:22:49 eth0:portscan: tcp 65.169.119.102/27374 -> 211.215.42.85/2024 40 rst (16)
12/12/02-03:22:49 eth0:portscan: tcp 65.169.119.103/12345 -> 211.215.42.85/2026 40 rst (16)
12/12/02-03:22:49 eth0:portscan: tcp 65.169.119.101/1243 -> 211.215.42.85/2022 40 rst (16)
12/12/02-03:22:50 eth0:portscan: tcp 65.169.119.102/12345 -> 211.215.42.85/2023 40 rst (16)
12/12/02-03:22:50 eth0:portscan: tcp 65.169.119.103/27374 -> 211.215.42.85/2027 40 rst (16)
12/12/02-03:22:50 eth0:portscan: tcp 65.169.119.103/1243 -> 211.215.42.85/2028 40 rst (16)
12/12/02-03:22:50 eth0:portscan: tcp 65.169.119.102/1243 -> 211.215.42.85/2025 40 rst (16)
JOHN