[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: OT: port scan

On Tue, 28 Nov 2000 12:15:39 -0600 (CST), Damian Menscher said:

>  > I usually do not report attempts to connect to single ports.
>  You might want to keep in mind that scans of all ports are often just
>  general curiosity about what kind of stuff a computer is being used for,
>  while scans of a single port (on every machine in your subnet) is often
>  someone looking for a machine vulnerable to a *particular* exploit.  So
>  I'd say don't ignore the single-port scans.  They are as (or more)
>  serious.
I forgot to explain that I am on a dynamic IP address, and the reason I do
not bother with single port scans is that someone else on the same IP
address may have been running a server.  If I see scans to certain ports,
known to be searches for exploits, I always send the ISP the log entry.
>  Of course, a connection to a single port on a single machine is probably
>  just some idiot who mistyped an IP address....

exactly, and I don't want to cause trouble needlessly.


Reply to: