Confessions of a reluctant port scanner
Hello,
Anyone have an idea why I'm a portscanner?
I'm running unstable, dsl thru a router.
Some sample snort output:
[**] [117:1:1] (spp_portscan2) Portscan detected from 192.168.1.1: 6
targets 6 ports in 19 seconds
[**]
07/13-15:11:32.418841 192.168.1.1:32769 -> 198.32.64.12:53
UDP TTL:64 TOS:0x0 ID:0 IpLen:20 DgmLen:71 DF
Len: 43
[**] [117:1:1] (spp_portscan2) Portscan detected from 192.168.1.1: 6
targets 6 ports in 52 seconds
[**]
07/13-15:25:53.462024 192.168.1.1:34869 -> 66.35.250.150:80
TCP TTL:64 TOS:0x0 ID:45297 IpLen:20 DgmLen:60 DF
******S* Seq: 0x51642A4F Ack: 0x0 Win: 0x16D0 TcpLen: 40
TCP Options (5) => MSS: 1460 SackOK TS: 1350334 0 NOP WS: 0
whois says these particular targets are
OrgName: Exchange Point Blocks
OrgName: Cable & Wireless
and I have no connection to them AFAICT.
nmap localhost says:
Starting nmap 3.27 ( www.insecure.org/nmap/ ) at 2003-07-13 20:25 CDT
Interesting ports on loopback (127.0.0.1):
(The 1618 ports scanned but not shown below are in state: closed)
Port State Service
22/tcp open ssh
25/tcp open smtp
53/tcp open domain
111/tcp open sunrpc
953/tcp open rndc
Also, every now and then, I notice lpd running. I don't have a printer,
and lpd is not in /etc/rc2.d
Sorry, but I'm pretty ignorant regarding network/security issues.
Is it time to panic yet?
Thanks for any advice.
Patrick.
Reply to: