i've been port scanned. now what

To: <debian-security@lists.debian.org>
Subject: i've been port scanned. now what
From: Szabó Dániel <iwo@matavnet.hu>
Date: Mon, 5 Mar 2001 23:37:17 +0100
Message-id: <[🔎] 003101c0a5c4$e562bbc0$57ceec91@daniel>

Hello.
My packet filter ruleset catched somebody on port scanning one of our host.
He or she tryed to scan a very big port range from tcp 1 up to 32000 (think
with nmap), but my packet filter denied his/her queries (the kernel
generated 1 mb log in 3 minutes with the denied packets). I have his/her
ipv4 address, and i would like to ask, what should i do know? i figured out
from the ripe.net whois db, that the ip is owned by one of the ISP's from my
country, is it possible, that the scanner cracked the isp's machine, then
pushed the scan from there?

Thanks,
Daniel

Reply to:

Follow-Ups:
- Re: i've been port scanned. now what
  - From: Peter Cordes <peter@llama.nslug.ns.ca>
- Re: i've been port scanned. now what
  - From: Nathan E Norman <nnorman@micromuse.com>
- Re: i've been port scanned. now what
  - From: Tim van Erven <tripudium@chello.nl>
- Re: i've been port scanned. now what
  - From: Alexander Hvostov <vulture@aoi.dyndns.org>

Prev by Date: Re: Anti Virus for Debian
Next by Date: Re: Kernel 2.2.15 hole ?
Previous by thread: Re: Anti Virus for Debian
Next by thread: Re: i've been port scanned. now what
Index(es):
- Date
- Thread