[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Somebody's scanning my ports or what? REVISITED

Arcady Genkin <genkin@sympatico.ca> writes:

I've checked my logs and discovered that exactly the same thing
happened exactly a week ago at the same hour. The same IP too. The
regularity for me implies that it could be a routine my ISP is running 
weekly. Also, the IP is in my ISP's domain.

Is that practice accepted anywhere else, or is it just my ISP's
invention (assuming I'm correct to say that it *is* the ISP and not
some CrAcKeR dUdE)?

FWIW I've posted enire extracts from the logs of April 27 and April 20 
at http://www3.sympatico.ca/genkin/daemon.log
I've also complained to abuse@bellglobal.com.

Thanks for any input.

> To continue my new Linux user paranoia, I have just noticed in
> xconsole that someone's been trying to connect to every port from port 
> 2 thru 1024. It looks like this:
> Apr 27 20:03:09 main tcplogd: tcpmux connection attempt from unknown@cpu.adsl.bellglobal.com [206.47.37.4]
> Apr 27 20:03:09 main tcplogd: port 2 connection attempt from unknown@cpu.adsl.bellglobal.com [206.47.37.4]
> Apr 27 20:03:09 main tcplogd: port 3 connection attempt from unknown@cpu.adsl.bellglobal.com [206.47.37.4]
> Apr 27 20:03:09 main tcplogd: port 4 connection attempt from unknown@cpu.adsl.bellglobal.com [206.47.37.4]
> ...
> ...
> Apr 27 20:08:13 main tcplogd: port 1024 connection attempt from unknown@cpu.adsl.bellglobal.com [206.47.37.4]
-- 
Arcady Genkin
"I opened up my wallet, and it's full of blood..." - GsYDE
Reply to: