[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-users] Port Scan Report

Subject: Re: [cobalt-users] Port Scan Report
From: Bruce Timberlake <bruce@xxxxxxxxxx>
Date: Sat Dec 14 08:29:00 2002
Organization: BRTNet.org
List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

It should only be watching inbound traffic.  I.e., running nmap or 
something on your 550 won't trigger the port scan report.

> Source Address:  65.169.119.101
> Source port:  27374
> Direction:  outbound
> Destination Address:  211.38.179.115
> Destination Port:  4101

Which is your RaQ IP - 65.169.119.101 or 211.38.179.115?  Don't worry 
about the word 'outbound'...

> From the GUI I look at the Scan Detection Log and it shows:
> 
> 12/12/02-03:22:49 eth0:portscan: tcp 65.169.119.102/27374 ->
> 211.215.42.85/2024 40 rst (16)
> 12/12/02-03:22:49 eth0:portscan: tcp 65.169.119.103/12345 ->
> 211.215.42.85/2026 40 rst (16)

<snip>

Which is your IP - the 65. net or the 211. net?  That will tell you 
what's going on.  You're probably not being 'actively' scanned, just 
a 'bot running through all IP addresses looking for a particular 
vulnerability or something...

- -- 
Bruce Timberlake

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE9+1plvLA2hUZ9kgwRAlWYAJ9NpH6DRPCJDO0kLZFw2GFAzuwQxQCfXa3M
arHd4KJa/UIKSuF5tN83Id8=
=slDR
-----END PGP SIGNATURE-----

Follow-Ups:
- Re: [cobalt-users] Port Scan Report
  - From: John D. Gorena
- Re: [cobalt-users] Port Scan Report
  - From: Office Tracker

References:
- [cobalt-users] Port Scan Report
  - From: John D. Gorena

Prev by Date: Re: [cobalt-users] is this normal for processes?
Next by Date: [cobalt-users] RAQ 550 and gd
Previous by thread: [cobalt-users] Port Scan Report
Next by thread: Re: [cobalt-users] Port Scan Report

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index