Stephen Thompson <s.p.thompson@mindspring.com> wrote:
Feb 14 10:57:59 reaper scanlogd: From 216.77.42.93:20 to 192.168.0.51 ports 1764, 1765, 1766, 1767, 1768, 1769, 1770, 1771, 1772, ..., flags ??rp?u, TOS 10, TTL 114, started at 10:57:45 [...]
Probably this was a number of FTP transfers, not a portscan. FTP opens a new TCP connection for each file or directory listing tranferred. scanlogd warnings are triggered by many connections from the same host within a short time, therefore it is not unusual that scanlogd interprets FTP sessions as portscans. So, *if* you did FTP to 216.77.42.93 at that time, you don't have to worry. Eilert -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Eilert Brinkmann -- Universitaet Bremen -- FB 3, Informatik eilert@informatik.uni-bremen.de - eilert@tzi.org - eilert@linuxfreak.com http://www.informatik.uni-bremen.de/~eilert/
You can use a socks proxy (see http://www.socks.nec.com/ ) with icq, that's the easyiest way to do ... regards Markus Gaugusch -- ________________________________________ Markus Gaugusch markus@gaugusch.dhs.org ICQ-ID: 11374583 [www.mirabilis.com]
participants (2)
-
Eilert Brinkmann -
Markus Gaugusch