Oliver Hofmann wrote:
X-Priority: 3 (Normal) X-Authenticated-Sender: #0000558616@gmx.net X-Authenticated-IP: [134.95.151.83] Message-ID: <17912.968921288@www15.gmx.net> X-Mailer: WWW-Mail 1.5 (Global Message Exchange) X-Flags: 0001 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit
Hello everyone!
Been using Google for quite a while now, usually not from a static IP though. Recently I noticed the following log entries showing up frequently while I was not browsing their site:
Sep 12 15:21:40 oho snort[1345]: spp_portscan: PORTSCAN DETECTED from 64.209.200.100 Sep 12 15:21:46 oho snort[1345]: spp_portscan: portscan status from 64.209.200.100: 1 connections across 1 hosts: TCP(1), UDP(0) STEALTH Sep 12 15:21:52 oho snort[1345]: spp_portscan: End of portscan from 64.209.200.100
While I am aware that they are not doing a portscan I'm curious nevertheless. Any idea what this might be about?
Many thanks in advance,
Oliver
It would be a safe guess that who ever is port scanning you is spoofing google's IP. This is not uncommon in the world of port scanning. Take nmap for instance, it gives you an option to use a decoy address when scanning a host. jason