Re: [cobalt-users] Port Scan Report
- Subject: Re: [cobalt-users] Port Scan Report
- From: "John D. Gorena" <Support@xxxxxxxxxxxxxxxxxxx>
- Date: Sat Dec 14 09:49:01 2002
- Organization: http://www.JMG-Enterprises.com
- List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>
Bruce,
I too thought that it just checked inbound traffic but I see these E-mails from the server. If I
set to block, the server warns of Denial Of Service attacks.
ALSO, in /var/log/phoenix.log is a large history of scans. Here is a small part of my log.
12/11/02-17:07:16 eth0:portscan: tcp 65.169.119.102/12345 -> 211.38.179.115/4103 40 rst (16)
12/11/02-17:07:16 eth0:portscan: tcp 65.169.119.102/27374 -> 211.38.179.115/4104 40 rst (16)
12/11/02-17:07:16 eth0:portscan: tcp 65.169.119.102/1243 -> 211.38.179.115/4105 40 rst (16)
12/11/02-17:07:17 eth0:portscan: tcp 65.169.119.103/12345 -> 211.38.179.115/4106 40 rst (16)
12/11/02-17:07:17 eth0:portscan: tcp 65.169.119.103/27374 -> 211.38.179.115/4107 40 rst (16)
12/11/02-17:07:17 eth0:portscan: tcp 65.169.119.101/27374 -> 211.38.179.115/4101 40 rst (16)
12/11/02-17:07:17 eth0:portscan: tcp 65.169.119.103/1243 -> 211.38.179.115/4108 40 rst (16)
12/11/02-17:07:17 eth0:portscan: tcp 65.169.119.102/12345 -> 211.38.179.115/4103 40 rst (16)
12/11/02-17:07:17 eth0:portscan: tcp 65.169.119.102/27374 -> 211.38.179.115/4104 40 rst (16)
12/11/02-17:07:17 eth0:portscan: tcp 65.169.119.102/1243 -> 211.38.179.115/4105 40 rst (16)
12/11/02-17:07:17 eth0:portscan: tcp 65.169.119.103/12345 -> 211.38.179.115/4106 40 rst (16)
12/11/02-17:07:17 eth0:portscan: tcp 65.169.119.103/27374 -> 211.38.179.115/4107 40 rst (16)
12/11/02-17:07:18 eth0:portscan: tcp 65.169.119.103/1243 -> 211.38.179.115/4108 40 rst (16)
12/11/02-17:07:21 eth0:portscan: tcp 65.169.119.101/1243 -> 211.38.179.115/4102 40 rst (16)
12/11/02-17:07:22 eth0:portscan: tcp 65.169.119.101/1243 -> 211.38.179.115/4102 40 rst (16)
12/12/02-03:22:47 eth0:portscan: tcp 65.169.119.101/27374 -> 211.215.42.85/2021 40 rst (16)
12/12/02-03:22:48 eth0:portscan: tcp 65.169.119.101/1243 -> 211.215.42.85/2022 40 rst (16)
12/12/02-03:22:48 eth0:portscan: tcp 65.169.119.101/12345 -> 211.215.42.85/2020 40 rst (16)
12/12/02-03:22:48 eth0:portscan: tcp 65.169.119.102/12345 -> 211.215.42.85/2023 40 rst (16)
12/12/02-03:22:48 eth0:portscan: tcp 65.169.119.101/1243 -> 211.215.42.85/2022 40 rst (16)
12/12/02-03:22:49 eth0:portscan: tcp 65.169.119.103/12345 -> 211.215.42.85/2026 40 rst (16)
12/12/02-03:22:49 eth0:portscan: tcp 65.169.119.102/12345 -> 211.215.42.85/2023 40 rst (16)
12/12/02-03:22:49 eth0:portscan: tcp 65.169.119.101/12345 -> 211.215.42.85/2020 40 rst (16)
12/12/02-03:22:49 eth0:portscan: tcp 65.169.119.103/27374 -> 211.215.42.85/2027 40 rst (16)
12/12/02-03:22:49 eth0:portscan: tcp 65.169.119.102/1243 -> 211.215.42.85/2025 40 rst (16)
12/12/02-03:22:49 eth0:portscan: tcp 65.169.119.101/27374 -> 211.215.42.85/2021 40 rst (16)
12/12/02-03:22:49 eth0:portscan: tcp 65.169.119.103/1243 -> 211.215.42.85/2028 40 rst (16)
12/12/02-03:22:49 eth0:portscan: tcp 65.169.119.102/27374 -> 211.215.42.85/2024 40 rst (16)
12/12/02-03:22:49 eth0:portscan: tcp 65.169.119.103/12345 -> 211.215.42.85/2026 40 rst (16)
12/12/02-03:22:49 eth0:portscan: tcp 65.169.119.101/1243 -> 211.215.42.85/2022 40 rst (16)
12/12/02-03:22:50 eth0:portscan: tcp 65.169.119.102/12345 -> 211.215.42.85/2023 40 rst (16)
12/12/02-03:22:50 eth0:portscan: tcp 65.169.119.103/27374 -> 211.215.42.85/2027 40 rst (16)
12/12/02-03:22:50 eth0:portscan: tcp 65.169.119.103/1243 -> 211.215.42.85/2028 40 rst (16)
12/12/02-03:22:50 eth0:portscan: tcp 65.169.119.102/1243 -> 211.215.42.85/2025 40 rst (16)
12/14/02-00:50:37 eth1 Firewall loaded
12/14/02-00:50:37 eth1 Firewall loaded
12/14/02-00:50:37 eth0 Firewall loaded
12/14/02-01:41:36 Assigned major=254
12/14/02-01:41:36 eth1 Firewall loaded
12/14/02-01:41:36 eth0 Firewall loaded
12/14/02-02:20:38 Assigned major=254
12/14/02-02:20:38 eth1 Firewall loaded
12/14/02-02:20:38 eth0 Firewall loaded
John
Bruce Timberlake wrote:
>
> > My server is the 65.169.119.101 and my concerns are that the report
> > shows that it is outbound and the Source Ports are random.
>
> Hm. As I said, I was under the impression it only checked inbound
> traffic. I'll have to play with mine and see if/why/how it is also
> checking outbound traffic.
>
> - --
> Bruce Timberlake
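Added example, not part of the original message or of any Cobalt tooling: a small Python parser for the portscan entries quoted above. It groups them by remote peer and shows that each sampled entry from the 65.169.119.x hosts is a reset sent from port 1243, 12345 or 27374, the pattern a TCP stack produces when it answers probes of closed ports. The field layout and the backdoor names attached to the ports are assumptions inferred from the excerpt and from common defaults, and the function names are illustrative.

```python
import re
from collections import defaultdict

# Field layout inferred from the excerpt (an assumption, not product documentation):
#   date-time iface:portscan: proto src/sport -> dst/dport length flags (n)
ENTRY = re.compile(
    r"^(?P<ts>\S+) (?P<iface>\w+):portscan: (?P<proto>\w+) "
    r"(?P<src>[\d.]+)/(?P<sport>\d+) -> (?P<dst>[\d.]+)/(?P<dport>\d+) "
    r"(?P<length>\d+) (?P<flags>\w+)"
)
# Default listener ports of two Windows backdoors commonly scanned for (assumed mapping).
BACKDOOR_PORTS = {1243: "SubSeven", 12345: "NetBus", 27374: "SubSeven"}
# Lines copied from the log excerpt in the message above.
SAMPLE = """\
12/11/02-17:07:16 eth0:portscan: tcp 65.169.119.102/12345 -> 211.38.179.115/4103 40 rst (16)
12/11/02-17:07:16 eth0:portscan: tcp 65.169.119.102/27374 -> 211.38.179.115/4104 40 rst (16)
12/11/02-17:07:17 eth0:portscan: tcp 65.169.119.103/1243 -> 211.38.179.115/4108 40 rst (16)
12/11/02-17:07:17 eth0:portscan: tcp 65.169.119.101/27374 -> 211.38.179.115/4101 40 rst (16)
12/12/02-03:22:48 eth0:portscan: tcp 65.169.119.101/12345 -> 211.215.42.85/2020 40 rst (16)
12/12/02-03:22:49 eth0:portscan: tcp 65.169.119.103/27374 -> 211.215.42.85/2027 40 rst (16)
12/14/02-00:50:37 eth0 Firewall loaded
""".splitlines()

def parse(lines):
    """Return one dict per portscan entry; other entries (e.g. 'Firewall loaded') are skipped."""
    matches = filter(None, (ENTRY.match(line.strip()) for line in lines))
    return [{**m.groupdict(), "sport": int(m["sport"]), "dport": int(m["dport"])} for m in matches]

def summarize(records, local_prefix):
    """Group entries sent from a local address by the remote peer they went to."""
    peers = defaultdict(lambda: {"hosts": set(), "ports": set(), "flags": set(), "count": 0})
    for rec in records:
        if rec["src"].startswith(local_prefix):
            peer = peers[rec["dst"]]
            peer["hosts"].add(rec["src"])
            peer["ports"].add(rec["sport"])
            peer["flags"].add(rec["flags"])
            peer["count"] += 1
    return dict(peers)

def report(peers):
    """One line per peer; RST-only entries are labelled as reset replies."""
    out = []
    for ip, p in sorted(peers.items()):
        ports = ", ".join(f"{n} ({BACKDOOR_PORTS.get(n, '?')})" for n in sorted(p["ports"]))
        kind = "reset replies" if p["flags"] == {"rst"} else "mixed traffic"
        out.append(f"{ip}: {p['count']} {kind} from {len(p['hosts'])} local hosts, source ports {ports}")
    return out
```

Calling `report(summarize(parse(open("/var/log/phoenix.log")), "65.169.119."))` applies the same grouping to the full log, with the local prefix adjusted to the server's own addresses.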