I've been getting scanned...
Hi all,
Someone's been port-scanning me, checking only some high ports. Here are
my relevant log entries:
May 26 13:39:30 j001 ippl: port 37397 connection attempt from 216.136.179.238
May 26 13:43:03 j001 ippl: port 37404 connection attempt from 216.136.179.238
May 26 13:43:06 j001 ippl: port 37404 connection attempt from 216.136.179.238
May 26 13:45:55 j001 ippl: port 37406 connection attempt from 216.136.179.238
May 26 13:45:58 j001 ippl: port 37406 connection attempt from 216.136.179.238
May 26 13:47:10 j001 ippl: port 37408 connection attempt from 216.136.179.238
May 26 13:49:30 j001 ippl: port 37412 connection attempt from 216.136.179.238
Does anyone know what they may be looking for in that range?
Does anyone know of a good reference for info (vulnerabilities sorted by
port, service, etc)?
Does anyone know how I can find out who/where/what-domain or host is using that
IP?
Thanks in advance for any help / advice.
--
Paul T. Wright <paul@cvanet.com>
-currently seeking employment-