Re: Confessions of a reluctant port scanner

To: debian-user@lists.debian.org
Subject: Re: Confessions of a reluctant port scanner
From: Patrick Albuquerque <patrickq@mts.net>
Date: Mon, 14 Jul 2003 13:32:15 -0500
Message-id: <[🔎] 20030714183215.GA2974@mts.net>
Mail-followup-to: debian-user@lists.debian.org
In-reply-to: <[🔎] 20030714024229.81791.qmail@web21405.mail.yahoo.com>
References: <[🔎] 20030714013117.GA13741@mts.net> <[🔎] 20030714024229.81791.qmail@web21405.mail.yahoo.com>

On Sun, Jul 13, 2003 at 07:42:29PM -0700, Bruce Banner wrote:
> It doesn't look like anything to worry about they are
> false positives leaving your network.  Your network is
> a private network 192.168.1.x and the false attacks
> are you hitting a dns probably your dns and your
> network hitting a website.  192.168.1 is a private
> network range that means they are unroutable on the
> public internet unless statically routed.  I would say
> they are false positives.  When running nmap run it on
> your eth0 interface as opposed to your loopback this
> can give different results.  check your home_net and
> dns server entries in snort.conf.  
> 

Thanks, your explanation makes sense.  I've taken a stab at configuring
snort.conf -- I hadn't looked at it before.

> 
> There is a script in cron.weekly that starts lpd once
> a week.

So there is!  (This had me more worried than the port scans...)
And good call about Slashdot -- I _was_ browsing there about that time,
and I was scanning Exodus too.

Thanks again for your help, Bruce.

Patrick
--

Reply to:

References:
- Confessions of a reluctant port scanner
  - From: Patrick Albuquerque <patrickq@mts.net>
- Re: Confessions of a reluctant port scanner
  - From: Bruce Banner <bruc3_banner@yahoo.com>

Prev by Date: Re: TCP/IP printing under Debian
Next by Date: compile and install custom patched debian kernel
Previous by thread: Re: Confessions of a reluctant port scanner
Next by thread: SSH: Corrupted MAC on input error - keeps recurring
Index(es):
- Date
- Thread