Hello,
I am seeing an inordinate amount of packages dropped on my firewall -
all coming from the same source and hitting a very limited range of
ports (as reported by psad):
=-=-=-=-=-=-=-=-=-=-=-= Mon Feb 19 10:34:03 2007 =-=-=-=-=-=-=-=-=-=-=-=
Danger level: [1] (out of 5)
Scanned tcp ports: [10258: 1 packets]
tcp flags: [SYN: 1 packets, Nmap: -sT or -sS]
Iptables chain: INPUT (prefix "Shorewall:net2all:DROP:"), 1 packets
Source: 65.173.218.96
DNS: maverick14.sans.org
Destination: XXX.XXX.XXX.XXX
DNS: my.firewall.at.home
Syslog hostname: firewall
Current interval: Mon Feb 19 10:33:58 2007 (start)
                  Mon Feb 19 10:34:03 2007 (end)
Overall scan start: Mon Feb 19 08:19:11 2007
Total email alerts: 6
Complete tcp range: [10256-10258]
chain:   interface:   tcp:   udp:   icmp:
INPUT    eth0         10     0      0
-------
Similar scans have been happening for weeks now, always from the same
address. I realize that except for the fact that my firewall is
running Debian (Sarge with some packages from Etch) this question is
probably off-topic, but if anyone knows why I might be getting all
this traffic, I would appreciate any hints.
Thanks
--j