[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-users] Port Scan Report
- Subject: Re: [cobalt-users] Port Scan Report
- From: "John D. Gorena" <Support@xxxxxxxxxxxxxxxxxxx>
- Date: Sat Dec 14 09:22:01 2002
- Organization: http://www.JMG-Enterprises.com
- List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>
Bruce,
My server is the 65.169.119.101 and my concerns are that the report shows that it is outbound and
the Source Ports are random.
John
Bruce Timberlake wrote:
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> It should only be watching inbound traffic. I.e., running nmap or
> something on your 550 won't trigger the port scan report.
>
> > Source Address: 65.169.119.101
> > Source port: 27374
> > Direction: outbound
> > Destination Address: 211.38.179.115
> > Destination Port: 4101
>
> Which is your RaQ IP - 65.169.119.101 or 211.38.179.115? Don't worry
> about the word 'outbound'...
>
> > From the GUI I look at the Scan Detection Log and it shows:
> >
> > 12/12/02-03:22:49 eth0:portscan: tcp 65.169.119.102/27374 ->
> > 211.215.42.85/2024 40 rst (16)
> > 12/12/02-03:22:49 eth0:portscan: tcp 65.169.119.103/12345 ->
> > 211.215.42.85/2026 40 rst (16)
>
> <snip>
>
> Which is your IP - the 65. net or the 211. net? That will tell you
> what's going on. You're probably not being 'actively' scanned, just
> a 'bot running through all IP addresses looking for a particular
> vulnerability or something...
>
> - --
> Bruce Timberlake
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.1 (GNU/Linux)
>
> iD8DBQE9+1plvLA2hUZ9kgwRAlWYAJ9NpH6DRPCJDO0kLZFw2GFAzuwQxQCfXa3M
> arHd4KJa/UIKSuF5tN83Id8=
> =slDR
> -----END PGP SIGNATURE-----
>