[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Somebody's scanning my ports or what?

In foo.debian-user, you wrote:
> Hi all:
> 
> To continue my new Linux user paranoia, I have just noticed in
> xconsole that someone's been trying to connect to every port from port 
> 2 thru 1024. It looks like this:
> 
> Apr 27 20:03:09 main tcplogd: tcpmux connection attempt from unknown@cpu.adsl.bellglobal.com [206.47.37.4]
> Apr 27 20:03:09 main tcplogd: port 2 connection attempt from unknown@cpu.adsl.bellglobal.com [206.47.37.4]
> Apr 27 20:03:09 main tcplogd: port 3 connection attempt from unknown@cpu.adsl.bellglobal.com [206.47.37.4]
> Apr 27 20:03:09 main tcplogd: port 4 connection attempt from unknown@cpu.adsl.bellglobal.com [206.47.37.4]
> ...
> ...
> Apr 27 20:08:13 main tcplogd: port 1024 connection attempt from unknown@cpu.adsl.bellglobal.com [206.47.37.4]
> 
> This one was the last. Bellglobal is my ISP provider, and I'm
> connected via ADSL modem. In between these messages sometimes there
> are the following (I guess that's when existing service was found):
> 
> Apr 27 20:03:46 main in.telnetd[7141]: connect from cpu.adsl.bellglobal.com
> Apr 27 20:04:34 main in.ftpd[7145]: connect from cpu.adsl.bellglobal.com
> 
> Is this within frames of acceptable. I feel like complaining, but
> don't want to look like an idiot. :)
> 
> Any comments highly appreciated!

This is not acceptable.  This is analogous to some stranger on the street
coming up and feeling your crotch.

I suggest you contact bellglobal and complain.  If that does not work,
learn proper counter-measures.

-Mitch
Reply to: