Re: i've been port scanned. now what
Wouldn't surprise me. Often these kinds of things are done from
compromised hosts, so that they don't reveal the true identity of the
attacker (who, obviously, doesn't want to go to jail ;).
On Mon, 5 Mar 2001, [iso-8859-2] Szabó Dániel wrote:
> My packet filter ruleset catched somebody on port scanning one of our host.
> He or she tryed to scan a very big port range from tcp 1 up to 32000 (think
> with nmap), but my packet filter denied his/her queries (the kernel
> generated 1 mb log in 3 minutes with the denied packets). I have his/her
> ipv4 address, and i would like to ask, what should i do know? i figured out
> from the ripe.net whois db, that the ip is owned by one of the ISP's from my
> country, is it possible, that the scanner cracked the isp's machine, then
> pushed the scan from there?
> To UNSUBSCRIBE, email to firstname.lastname@example.org
> with a subject of "unsubscribe". Trouble? Contact email@example.com