[cobalt-users] Seeking some info about scan logs format on RaQ550
- Subject: [cobalt-users] Seeking some info about scan logs format on RaQ550
- From: bib <bib@xxxxxxxxxxxxx>
- Date: Mon Mar 10 07:29:01 2003
- List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>
Dear all,
Still a newbie on Cobalt and RaQ550, I can't interpret the sense of those
"outgoing" scans shown on the server 'security->scanlog' page. Where
may I find some indications about the log format used here?
On a tcp example, 1.2.3.4 being "my" server ip address:
03/01/03-11:02:50 eth0:portscan: tcp 1.2.3.4/1080 -> 28.162.153.108/3451 40 rst (16)
What does the last column showing "(16)" mean?
Is my system simply sending a "reset" because of not listening on 1080?
Is it a reply to a previous new connection attempt from the remote system?
Why didn't the previous new connection attempt get logged?
On an icmp example:
03/08/03-12:56:03 eth0:portscan: 3/3/icmp 1.2.3.4 -> 9.8.7.6 102 (22)
What does the last column showing "(22)" mean?
Is it THE tcp port which is unreachable?
Is there any documentation explaining the format used?
Could you please help me understand this issue?
Many thanks in advance for your tip.
Kindest regards
Bertrand Habib