[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Sheflug] Re: Security : Port scanning
Chris
> My own logs are much worse than this :)
In reply to myself and example of what was happening at 10.15 this
morning.... I was being scanned from .... 217.228.102.98.... dig
-x reveals....
; <<>> DiG 9.2.2 <<>> -x 217.228.102.98
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45520
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 5, ADDITIONAL: 5
;; QUESTION SECTION:
;98.102.228.217.in-addr.arpa. IN PTR
;; ANSWER SECTION:
98.102.228.217.in-addr.arpa. 86024 IN PTR
pD9E46662.dip.t-dialin.net.
;; AUTHORITY SECTION:
102.228.217.in-addr.arpa. 86024 IN NS dns01.btx.dtag.de.
102.228.217.in-addr.arpa. 86024 IN NS dns04.btx.dtag.de.
102.228.217.in-addr.arpa. 86024 IN NS dns51.t-ipnet.de.
102.228.217.in-addr.arpa. 86024 IN NS pns.dtag.de.
102.228.217.in-addr.arpa. 86024 IN NS
techfac.techfak.uni-bielefeld.de.
;; ADDITIONAL SECTION:
dns01.btx.dtag.de. 3823 IN A 194.25.2.130
dns04.btx.dtag.de. 3823 IN A 194.25.2.133
dns51.t-ipnet.de. 3823 IN A 217.5.100.186
pns.dtag.de. 2213 IN A 194.25.0.125
techfac.techfak.uni-bielefeld.de. 462 IN A 129.70.132.100
;; Query time: 90 msec
;; SERVER: 194.247.47.47#53(194.247.47.47)
;; WHEN: Thu May 8 10:18:07 2003
;; MSG SIZE rcvd: 306
What this probably means is that someone else is using someones
connection at home or in the office without the owner knowing about
it. Making a claim that a certain company or individual is doing it
is wrong because it's frequently the case that this is not so. You
normally find that the persons computer is being used from somewhere
like the U.S or Japan or Taiwan by a remote operator.
You have to think about the info that you are looking at and ignore
it. Or, use it wisely.
--
Richard
___________________________________________________________________
Sheffield Linux User's Group -
http://www.sheflug.co.uk/mailfaq.html
GNU the choice of a complete generation.