Mailinglist Archive: opensuse (2234 mails)
[SLE] Fwd: [suse-security] nmap
- From: gconron@xxxxxxxxxxxxxx (Gregory Conron)
- Date: Sun, 12 Sep 1999 17:03:47 -0300
- Message-id: <99091217071501.00258@Lucia>
Hi all,
Here is a response I received from the SuSE Security email list.
HTH,
GC
---------- Forwarded Message ----------
Subject: [suse-security] nmap
Date: Sun, 12 Sep 1999 14:46:45 -0500
From: "ice9" <sdanahy@xxxxxxxx>
Well, to me it looks like this guy was scanning for your RPC services
(hence the high port numbers). Most likely, he's looking for a
specific RPC service that he has acquired an exploit for, so this is
probably a mass scan.
He also sourced the scan to port 20 (FTP-DATA) to give him a better
chance of being let through a firewall.
The question is, were you running the RPC service this guy was
looking for?
You also might want to let tli.de know that someone is port scanning
from their mail server. (Most likely hacked as well)
Scott G. Danahy
----- Original Message -----
From: Gregory Conron <gconron@xxxxxxxxxxxxxx>
To: <suse-security@xxxxxxxx>
Sent: Saturday, September 11, 1999 9:04 PM
Subject: [suse-security] nmap
> Hi all,
> Seems I am getting scanned from 195.252.142.6. What can anyone
> tell me about the type of scan (aside from the fact s/he is
> using nmap) and the flags set? Something to worry about, or just
> someone scanning a block of IPs looking for a possible
> exploit? The log from /var/log/warn is attached below, and the
> address is mail.tli.de
>
> Thanks,
> Gregory Conron
>
> --- /var/log/warn
> Sep 11 22:14:59 Lucia scanlogd: From 195.252.142.6:20 to
> 24.222.24.206 ports 2558, 2559, 2560, 2561, 2562, 2563, 2564,
> 2565, 2566, ..., flags ??r??u, TOS 08, TTL 236, started at
> 22:14:51
> Sep 11 22:18:01 Lucia scanlogd: From 195.252.142.6:20
> to 24.222.24.206 ports 4102, 4115, 4128, 4153, 4166, 4179, 4204,
> 4218, 4231, ..., flags ??r??u, TOS 08, TTL 236, started at
> 22:17:54
> Sep 11 22:18:36 Lucia scanlogd: From 195.252.142.6:20
> to 24.222.24.206 ports 4936, 4961, 4974, 4999, 1038, 1052, 1073,
> 1100, 1120, ..., flags ??r??u, TOS 08, TTL 236, started at
> 22:18:29
>
> --
> To unsubscribe, e-mail: suse-security-unsubscribe@xxxxxxxx
> For additional commands, e-mail: suse-security-help@xxxxxxxx
--
To unsubscribe send e-mail to suse-linux-e-unsubscribe@xxxxxxxx
For additional commands send e-mail to suse-linux-e-help@xxxxxxxx
Also check the FAQ at http://www.suse.com/Support/Doku/FAQ/
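
The two observations in the reply above (scan sourced from port 20, only high destination ports probed) can be pulled out of the scanlogd entries mechanically. The following is an added example, not part of the original messages: it parses only the line layout shown in the post, with the e-mail wrapping undone, and the names `parse_line`, `summarize` and `FIREWALL_FRIENDLY_SPORTS` are assumptions made for illustration.

```python
import re

# Log lines from the post above, with the e-mail line wrapping undone.
SAMPLE_LOG = """\
Sep 11 22:14:59 Lucia scanlogd: From 195.252.142.6:20 to 24.222.24.206 ports 2558, 2559, 2560, 2561, 2562, 2563, 2564, 2565, 2566, ..., flags ??r??u, TOS 08, TTL 236, started at 22:14:51
Sep 11 22:18:01 Lucia scanlogd: From 195.252.142.6:20 to 24.222.24.206 ports 4102, 4115, 4128, 4153, 4166, 4179, 4204, 4218, 4231, ..., flags ??r??u, TOS 08, TTL 236, started at 22:17:54
Sep 11 22:18:36 Lucia scanlogd: From 195.252.142.6:20 to 24.222.24.206 ports 4936, 4961, 4974, 4999, 1038, 1052, 1073, 1100, 1120, ..., flags ??r??u, TOS 08, TTL 236, started at 22:18:29
"""

# Matches only the scanlogd line layout shown in the post.
LINE_RE = re.compile(
    r"scanlogd: From (?P<src>[\d.]+):(?P<sport>\d+) to (?P<dst>[\d.]+) "
    r"ports (?P<ports>\d+(?:, \d+)*)(?P<more>, \.\.\.)?, flags (?P<flags>[^,\s]+), "
    r"TOS (?P<tos>[0-9a-fA-F]+), TTL (?P<ttl>\d+), started at (?P<start>[\d:]+)"
)

# Assumption for this example: source ports a permissive stateless packet
# filter might let through, as the reply suggests for port 20.
FIREWALL_FRIENDLY_SPORTS = {20: "ftp-data", 53: "domain"}

def parse_line(line):
    """Return a dict for one scanlogd entry, or None if the line does not match."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    return {
        "src": m["src"], "sport": int(m["sport"]), "dst": m["dst"],
        "ports": [int(p) for p in m["ports"].split(", ")],
        "truncated": m["more"] is not None,  # scanlogd cut the port list short
        "flags": m["flags"], "ttl": int(m["ttl"]), "start": m["start"],
    }

def summarize(log_text):
    """Aggregate scanlogd entries per source address."""
    by_src = {}
    for line in log_text.splitlines():
        event = parse_line(line)
        if event is None:
            continue  # not a scanlogd entry in the expected layout
        s = by_src.setdefault(event["src"], {"entries": 0, "sports": set(), "ports": set()})
        s["entries"] += 1
        s["sports"].add(event["sport"])
        s["ports"].update(event["ports"])
    for s in by_src.values():
        # True when every listed destination port is above the privileged range.
        s["all_unprivileged"] = min(s["ports"]) >= 1024
        s["service_like_sports"] = sorted(
            FIREWALL_FRIENDLY_SPORTS[p] for p in s["sports"] if p in FIREWALL_FRIENDLY_SPORTS)
    return by_src
```

Because scanlogd truncates each port list (the `...` in every entry), the aggregated port set is a sample of what was probed, not the full scan.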