
Confessions of a reluctant port scanner



Hello,

Anyone have an idea why I'm a portscanner?
I'm running unstable, DSL through a router.

Some sample snort output:

[**] [117:1:1] (spp_portscan2) Portscan detected from 192.168.1.1: 6
targets 6 ports in 19 seconds
[**]
07/13-15:11:32.418841 192.168.1.1:32769 -> 198.32.64.12:53
UDP TTL:64 TOS:0x0 ID:0 IpLen:20 DgmLen:71 DF
Len: 43

[**] [117:1:1] (spp_portscan2) Portscan detected from 192.168.1.1: 6
targets 6 ports in 52 seconds
[**]
07/13-15:25:53.462024 192.168.1.1:34869 -> 66.35.250.150:80
TCP TTL:64 TOS:0x0 ID:45297 IpLen:20 DgmLen:60 DF
******S* Seq: 0x51642A4F  Ack: 0x0  Win: 0x16D0  TcpLen: 40
TCP Options (5) => MSS: 1460 SackOK TS: 1350334 0 NOP WS: 0

whois says these particular targets are 
	OrgName:    Exchange Point Blocks
	OrgName:    Cable & Wireless
and I have no connection to them AFAICT.

nmap localhost says:
Starting nmap 3.27 ( www.insecure.org/nmap/ ) at 2003-07-13 20:25 CDT
Interesting ports on loopback (127.0.0.1):
(The 1618 ports scanned but not shown below are in state: closed)
Port       State       Service
22/tcp     open        ssh
25/tcp     open        smtp
53/tcp     open        domain
111/tcp    open        sunrpc
953/tcp    open        rndc

Also, every now and then, I notice lpd running.  I don't have a printer,
and lpd is not in /etc/rc2.d.

Sorry, but I'm pretty ignorant regarding network/security issues.

Is it time to panic yet?

Thanks for any advice.

Patrick.
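
One way to tabulate alerts like the ones quoted above (an added example, not part of the original post): it parses Snort spp_portscan2 alert blocks and counts the triggering packet's protocol and destination port per source, which shows what kind of traffic tripped the threshold. The sample text is the two alerts from the post; the function and field names are this example's own.

```python
import re
from collections import Counter

# The two alerts quoted in the post, copied with their mail line wraps intact.
SAMPLE = """\
[**] [117:1:1] (spp_portscan2) Portscan detected from 192.168.1.1: 6
targets 6 ports in 19 seconds
[**]
07/13-15:11:32.418841 192.168.1.1:32769 -> 198.32.64.12:53
UDP TTL:64 TOS:0x0 ID:0 IpLen:20 DgmLen:71 DF
Len: 43

[**] [117:1:1] (spp_portscan2) Portscan detected from 192.168.1.1: 6
targets 6 ports in 52 seconds
[**]
07/13-15:25:53.462024 192.168.1.1:34869 -> 66.35.250.150:80
TCP TTL:64 TOS:0x0 ID:45297 IpLen:20 DgmLen:60 DF
******S* Seq: 0x51642A4F  Ack: 0x0  Win: 0x16D0  TcpLen: 40
TCP Options (5) => MSS: 1460 SackOK TS: 1350334 0 NOP WS: 0
"""

SUMMARY = re.compile(r"\(spp_portscan2\) Portscan detected from ([\d.]+): "
                     r"(\d+) targets (\d+) ports in (\d+) seconds")
PACKET = re.compile(r"(\d\d/\d\d-[\d:.]+) ([\d.]+):(\d+) -> ([\d.]+):(\d+) (TCP|UDP)")

def parse_alerts(text):
    """Return one dict per spp_portscan2 alert block (blocks split on blank lines)."""
    alerts = []
    for block in re.split(r"\n\s*\n", text.strip()):
        flat = " ".join(block.split())      # undo line wraps inside the block
        s, p = SUMMARY.search(flat), PACKET.search(flat)
        if not (s and p):
            continue                        # not a complete portscan2 alert
        alerts.append({
            "scanner": s.group(1), "targets": int(s.group(2)),
            "ports": int(s.group(3)), "seconds": int(s.group(4)),
            "time": p.group(1), "sport": int(p.group(3)),
            "dst": p.group(4), "dport": int(p.group(5)), "proto": p.group(6),
        })
    return alerts

def triage(alerts):
    """Count triggering packets per (scanner, proto, destination port)."""
    return Counter((a["scanner"], a["proto"], a["dport"]) for a in alerts)

if __name__ == "__main__":
    for key, n in triage(parse_alerts(SAMPLE)).items():
        print(key, n)
```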


