Re: NULL Scan issues or something else?
- To: email@example.com
- Subject: Re: NULL Scan issues or something else?
- From: Daniel Curtis <firstname.lastname@example.org>
- Date: Thu, 7 Feb 2013 19:34:38 +0100
- Message-id: <CAASvXNuZe8aLG6=ntXAFgv=dqVFePXZS05TvzF1e16Q6iv6BXA@mail.gmail.com>
- In-reply-to: <CAASvXNu4y1ktStQFG0mEv=svHjBQ7dp_y5F-vW83z_ENusVemail@example.com>
- References: <CAASvXNsFvKq53aAAZsj4uKt6XVbLTg2z_RTjdUdq=i=PF_QE5g@mail.gmail.com> <77C7FE218FD49F41BC62CCA7E6D0CC8D0E1CEC@hermes.inp.ads> <CAASvXNvgv--JPGHYkDy47nOCs8FaBSDoJPh-RkOJNB4Lxo29RQ@mail.gmail.com> <77C7FE218FD49F41BC62CCA7E6D0CC8D0E1CEE@hermes.inp.ads> <CAASvXNu4y1ktStQFG0mEv=svHjBQ7dp_y5F-vW83z_ENusVfirstname.lastname@example.org>
Thank you all for your answers. They are very helpful.
I have to mention something which I forgot to write:
- no running services
- all ports are closed (according to e.g. nmap)
- iptables has rules concerning INVALID packets
- flag filtering with --tcp-flags, and use of --ctstate.
Now this computer is used for various tests etc. Maybe, in
the future, this machine will be something else, more important.
So, should I be afraid of these scan attempts, even though no
services are enabled? Is blocking (DROP) these connections
sufficient? In that case, what is the type of scan that uses these
flags: SYN,RST,ACK,FIN,PSH,URG SYN,RST,ACK,FIN,PSH,URG?
Why does this type of scan occur when all ports are closed and none of
the services are running? Sorry for the naive question, but I'm
surprised, because I was never in a similar situation. Especially with
closed ports and no services.
Again, sorry for so many questions, and thanks for all the answers.
If you can, please answer the above questions. They are very
important to me.
Some part of the log:
SCAN: IN=eth0 OUT= MAC=_mac_addresses
LEN=1500 TOS=0x00 PREC=0x00
TTL=52 ID=14512 DF
PROTO=TCP SPT=80 DPT=54790
WINDOW=6432 RES=0x00 ACK URGP=0
...and many more...
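
The following is an added example, not part of the original message: it parses a netfilter LOG line and evaluates it with the "mask comp" semantics of iptables --tcp-flags, for the NULL pattern from the subject and the all-flags pattern quoted in the message. The rule names, the helper functions and the two constructed log lines are assumptions for illustration; PAGE_LINE is the log excerpt above joined onto one line.

```python
ALL = {"SYN", "RST", "ACK", "FIN", "PSH", "URG"}

def parse_log(line):
    """Split a netfilter LOG line into KEY=VALUE fields and bare TCP flag tokens."""
    fields, flags = {}, set()
    for tok in line.split():
        if "=" in tok:
            key, value = tok.split("=", 1)
            fields[key] = value
        elif tok in ALL:          # flags are logged as bare words, e.g. "ACK"
            flags.add(tok)
    return fields, flags

def tcp_flags_match(mask, comp, flags):
    """--tcp-flags mask comp: of the flags in mask, exactly those in comp are set."""
    mask_set = ALL if mask == "ALL" else set(mask.split(","))
    if comp == "NONE":
        comp_set = set()
    else:
        comp_set = ALL if comp == "ALL" else set(comp.split(","))
    return (flags & mask_set) == comp_set

# Hypothetical rule names; the second mask/comp pair is the one quoted in the message.
RULES = [
    ("null", "ALL", "NONE"),
    ("all-flags", "SYN,RST,ACK,FIN,PSH,URG", "SYN,RST,ACK,FIN,PSH,URG"),
]

def classify(line):
    """Return the names of the flag rules that a logged TCP packet matches."""
    fields, flags = parse_log(line)
    if fields.get("PROTO") != "TCP":
        return []
    return [name for name, mask, comp in RULES if tcp_flags_match(mask, comp, flags)]

# Log excerpt from the message, joined onto one line.
PAGE_LINE = ("SCAN: IN=eth0 OUT= MAC=_mac_addresses LEN=1500 TOS=0x00 PREC=0x00 "
             "TTL=52 ID=14512 DF PROTO=TCP SPT=80 DPT=54790 WINDOW=6432 RES=0x00 "
             "ACK URGP=0")
# Constructed sample lines: the same packet with no flags and with all six flags.
NULL_LINE = PAGE_LINE.replace(" ACK URGP", " URGP")
ALLFLAGS_LINE = PAGE_LINE.replace(" ACK URGP", " URG ACK PSH RST SYN FIN URGP")

if __name__ == "__main__":
    for sample in (PAGE_LINE, NULL_LINE, ALLFLAGS_LINE):
        print(sorted(parse_log(sample)[1]), "->", classify(sample))
```

For the log line from the message, classify() returns an empty list: the packet carries only ACK, so neither flag pattern matches it.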