Re: i've been port scanned. now what

To: Szabó Dániel <iwo@matavnet.hu>
Cc: debian-security@lists.debian.org
Subject: Re: i've been port scanned. now what
From: Alexander Hvostov <vulture@aoi.dyndns.org>
Date: Thu, 8 Mar 2001 19:59:12 -0800 (PST)
Message-id: <[🔎] Pine.LNX.4.21.0103081958360.4687-100000@cornerstone.core.aoi>
In-reply-to: <[🔎] 003101c0a5c4$e562bbc0$57ceec91@daniel>

Daniel,

Wouldn't surprise me. Often these kinds of things are done from
compromised hosts, so that they don't reveal the true identity of the
attacker (who, obviously, doesn't want to go to jail ;).

Regards,

Alex.

On Mon, 5 Mar 2001, [iso-8859-2] Szabó Dániel wrote:

> Hello.
> My packet filter ruleset catched somebody on port scanning one of our host.
> He or she tryed to scan a very big port range from tcp 1 up to 32000 (think
> with nmap), but my packet filter denied his/her queries (the kernel
> generated 1 mb log in 3 minutes with the denied packets). I have his/her
> ipv4 address, and i would like to ask, what should i do know? i figured out
> from the ripe.net whois db, that the ip is owned by one of the ISP's from my
> country, is it possible, that the scanner cracked the isp's machine, then
> pushed the scan from there?
> 
> Thanks,
> Daniel
> 
> 
> --  
> To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
>

Reply to:

References:
- i've been port scanned. now what
  - From: Szabó Dániel <iwo@matavnet.hu>

Prev by Date: Re: Network security
Next by Date: Re: saft port
Previous by thread: Re: i've been port scanned. now what
Next by thread: Weird protocol
Index(es):
- Date
- Thread