Date: Mon, 04 Dec 2000 08:36:24 -0600 From: Dennis James <dennisjames@geocities.com> Message-id: <00120408373201.01863@skj01> Subject: Am I being scanned? -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I found this in my argus log and I want to make sure what it means. Thanks. Sun 12/03 13:20:16 tcp 192.168.1.1.4288 o> 192.231.221.145.80 13 15 335 6046 TIMSun 12/03 13:20:16 tcp 64.217.248.145.63776 o> 192.231.221.145.80 13 15 335 6046 TIM Sun 12/03 13:26:13 tcp 64.217.248.145.63786 <| 192.231.221.145.80 2 1 350 0 RST Sun 12/03 13:26:13 tcp 192.168.1.1.4288 <| 192.231.221.145.80 2 1 350 0 RST Sun 12/03 13:26:13 tcp 192.168.1.1.4321 -> 192.231.221.145.80 11 13 350 4499 CLO Sun 12/03 13:26:13 tcp 64.217.248.145.63787 -> 192.231.221.145.80 11 13 350 4499 CLO Sun 12/03 13:11:01 udp 205.188.153.100.4000 <-> 192.168.1.1.2243 21 28 1204 1042 CON Sun 12/03 13:27:31 tcp 64.217.248.145.63793 <| 192.231.221.145.80 2 1 337 0 RST Sun 12/03 13:26:13 tcp 192.168.1.1.4322 <| 192.231.221.145.80 7 4 632 361 RST Sun 12/03 13:27:31 tcp 64.217.248.145.63794 -> 192.231.221.145.80 6 4 337 297 CLO Sun 12/03 13:27:31 tcp 192.168.1.1.4328 -> 192.231.221.145.80 6 4 337 297 CLO Sun 12/03 13:27:49 tcp 64.217.248.145.63798 <| 192.231.221.145.80 7 4 681 341 RST Sun 12/03 13:27:49 tcp 192.168.1.1.4331 <| 192.231.221.145.80 7 4 681 341 RST Sun 12/03 13:28:12 tcp 192.168.1.1.4334 |> 192.231.221.145.80 9 8 717 1860 RST Sun 12/03 13:28:12 tcp 64.217.248.145.63801 |> 192.231.221.145.80 9 8 717 1860 RST Sun 12/03 13:26:13 tcp 64.217.248.145.63789 o> 192.231.221.145.80 5 3 295 361 TIM Sun 12/03 13:28:14 tcp 64.217.248.145.63802 -> 192.231.221.145.80 20 29 347 12488 CLO Sun 12/03 13:28:14 tcp 192.168.1.1.4335 -> 192.231.221.145.80 20 29 347 12488 CLO Sun 12/03 13:14:35 d tcp 205.188.153.139.9898 <o> 192.168.1.1.1127 66 68 5234 2714 TIM - -- Dennis James | dennisjames@geocities.com Registered Linux User #169330 ( http://counter.li.org ) Pure Linux (SUSE) User PGP key available on request PGP Fingerprint 42 50 7E 72 BA 51 F8 B7 5B D1 EC BE 11 1E 67 66 63 B5 33 68 -----BEGIN PGP SIGNATURE----- Version: PGP 6.5.8 iQA/AwUBOiusMREeZ2ZjtTNoEQKxzgCdF3FpOKbpUigV2vIXHEh4GzToC1kAoOG0 yphcaaLD+Unu8oyjjpdrC6NW =7iw3 -----END PGP SIGNATURE-----
Message-ID: <3A2BAE89.87C8C5C4@iname.com> Date: Mon, 04 Dec 2000 14:47:37 +0000 From: Chris Reeves <chris.reeves@iname.com> Subject: Re: [SLE] Am I being scanned? Dennis James wrote:
I found this in my argus log and I want to make sure what it means. Thanks.
Sun 12/03 13:20:16 tcp 192.168.1.1.4288 o> 192.231.221.145.80 13 15 335 6046 TIMSun 12/03 13:20:16 tcp 64.217.248.145.63776 o> 192.231.221.145.80 13 15 335 6046 TIM Sun 12/03 13:26:13 tcp 64.217.248.145.63786 <| 192.231.221.145.80 2 1 350 0 RST Sun 12/03 13:26:13 tcp 192.168.1.1.4288 <| 192.231.221.145.80 2 1 350 0 RST Sun 12/03 13:26:13 tcp 192.168.1.1.4321 -> 192.231.221.145.80 11 13 350 4499 CLO Sun 12/03 13:26:13 tcp 64.217.248.145.63787 -> 192.231.221.145.80 11 13 350 4499 CLO
I wouldn't worry. As far as I can make out theese are just normal web server type activities (with a dash of ICQ). You can breathe a sigh of relief... Bye, Chris -- __ _ -o)/ / (_)__ __ ____ __ Chris Reeves /\\ /__/ / _ \/ // /\ \/ / ICQ# 22219005 _\_v __/_/_//_/\_,_/ /_/\_\
participants (2)
-
chris.reeves@iname.com -
dennisjames@geocities.com