Re: Somebody's scanning my ports or what?
In foo.debian-user, you wrote:
> Hi all:
>
> To continue my new Linux user paranoia, I have just noticed in
> xconsole that someone's been trying to connect to every port from port
> 2 thru 1024. It looks like this:
>
> Apr 27 20:03:09 main tcplogd: tcpmux connection attempt from unknown@cpu.adsl.bellglobal.com [206.47.37.4]
> Apr 27 20:03:09 main tcplogd: port 2 connection attempt from unknown@cpu.adsl.bellglobal.com [206.47.37.4]
> Apr 27 20:03:09 main tcplogd: port 3 connection attempt from unknown@cpu.adsl.bellglobal.com [206.47.37.4]
> Apr 27 20:03:09 main tcplogd: port 4 connection attempt from unknown@cpu.adsl.bellglobal.com [206.47.37.4]
> ...
> ...
> Apr 27 20:08:13 main tcplogd: port 1024 connection attempt from unknown@cpu.adsl.bellglobal.com [206.47.37.4]
>
> This one was the last. Bellglobal is my ISP provider, and I'm
> connected via ADSL modem. In between these messages sometimes there
> are the following (I guess that's when existing service was found):
>
> Apr 27 20:03:46 main in.telnetd[7141]: connect from cpu.adsl.bellglobal.com
> Apr 27 20:04:34 main in.ftpd[7145]: connect from cpu.adsl.bellglobal.com
>
> Is this within frames of acceptable. I feel like complaining, but
> don't want to look like an idiot. :)
>
> Any comments highly appreciated!
This is not acceptable. This is analogous to some stranger on the street
coming up and feeling your crotch.
I suggest you contact bellglobal and complain. If that does not work,
learn proper counter-measures.
-Mitch
Reply to: