"Admin" <admin@eregion.de> wrote:
On 16 Feb 2000 10:26:19 +0100, Eilert Brinkmann wrote:
"Admin" <admin@eregion.de> wrote:
Feb 13 19:17:30 aragorn scanlogd: From 209.144.167.150:20 to 192.168.238.3 ports 3021, 3022, 3023, 3024, 3025, 3026, 3027, 3028, 3029,..., flags ??r??u, TOS 08, TTL 49, started at 19:17:15
In the situation you describe you can be sure this is *not* a portscan. Your FTP data connections trigger this warning.
So why didn't I get portscan log entries just now? I had the same script which runs on Sundays (when the log entries happen) run manually just a few minutes ago, and guess what, no portscan entries in the logfiles...
scanlogd writes these messages when it detects a large number of connections within a short time. Maybe this time you did fewer transfers or there was more time between connections. Just a guess...

Eilert
-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Eilert Brinkmann -- Universitaet Bremen -- FB 3, Informatik
eilert@informatik.uni-bremen.de - eilert@tzi.org - eilert@linuxfreak.com
http://www.informatik.uni-bremen.de/~eilert/
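As an added example (not part of the original thread and not scanlogd's own code), the following Python code parses scanlogd lines in the format quoted above and separates alerts that fit the FTP data-connection explanation from ones that still need a look. The names `parse_scanlogd`, `triage` and `KNOWN_FTP_SERVERS`, the triage heuristic itself, and the second sample log line are assumptions made for this example.

```python
import re

# Matches the scanlogd syslog format quoted in the thread above.
LINE_RE = re.compile(
    r"scanlogd: From (?P<src>[\d.]+):(?P<sport>\d+) to (?P<dst>[\d.]+) "
    r"ports (?P<ports>[\d, ]+?)(?P<more>,\s*\.\.\.)?, "
    r"flags (?P<flags>\S+), TOS (?P<tos>[0-9a-fA-F]+), TTL (?P<ttl>\d+), "
    r"started at (?P<start>[\d:]+)"
)
FTP_DATA_PORT = 20  # ftp-data: active-mode servers open data connections from it

# Assumption: FTP servers your own transfer scripts are known to contact.
KNOWN_FTP_SERVERS = {"209.144.167.150"}

def parse_scanlogd(line):
    """Return the alert fields as a dict, or None if the line does not match."""
    m = LINE_RE.search(line)
    if not m:
        return None
    ports = [int(p) for p in m["ports"].replace(" ", "").split(",") if p]
    return {"src": m["src"], "sport": int(m["sport"]), "dst": m["dst"],
            "ports": ports, "truncated": m["more"] is not None,
            "flags": m["flags"], "ttl": int(m["ttl"]), "start": m["start"]}

def triage(event, known_ftp_servers=KNOWN_FTP_SERVERS):
    """Heuristic of this example, not scanlogd logic: an alert is probably FTP
    data traffic only if it comes from port 20 of a server we transfer from
    and every destination port is unprivileged. Source port 20 from an
    unknown host is not sufficient, so it still goes to a human."""
    from_ftp_data = event["sport"] == FTP_DATA_PORT
    high_ports_only = all(p > 1023 for p in event["ports"])
    if from_ftp_data and high_ports_only and event["src"] in known_ftp_servers:
        return "likely-ftp-active-data"
    return "investigate"

SAMPLE_LOG = [
    # Line quoted in the thread.
    "Feb 13 19:17:30 aragorn scanlogd: From 209.144.167.150:20 to 192.168.238.3 "
    "ports 3021, 3022, 3023, 3024, 3025, 3026, 3027, 3028, 3029,..., "
    "flags ??r??u, TOS 08, TTL 49, started at 19:17:15",
    # Constructed line for contrast (documentation address, made-up values).
    "Feb 13 20:01:02 aragorn scanlogd: From 192.0.2.77:40112 to 192.168.238.3 "
    "ports 21, 22, 23, 25, 79, 80, 110,..., "
    "flags fSrpauxy, TOS 00, TTL 52, started at 20:01:01",
]

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        event = parse_scanlogd(line)
        print(event["src"], event["sport"], event["ports"], triage(event))
```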