Re: OT: port scan
On Tue, 28 Nov 2000 12:15:39 -0600 (CST), Damian Menscher said:
> > I usually do not report attempts to connect to single ports.
> You might want to keep in mind that scans of all ports are often just
> general curiosity about what kind of stuff a computer is being used for,
> while scans of a single port (on every machine in your subnet) is often
> someone looking for a machine vulnerable to a *particular* exploit. So
> I'd say don't ignore the single-port scans. They are as (or more)
I forgot to explain that I am on a dynamic IP address, and the reason I do
not bother with single port scans is that someone else on the same IP
address may have been running a server. If I see scans to certain ports,
known to be searches for exploits, I always send the ISP the log entry.
> Of course, a connection to a single port on a single machine is probably
> just some idiot who mistyped an IP address....
exactly, and I don't want to cause trouble needlessly.