[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Sheflug] Re: Security : Port scanning

To: shef-lug [at] xxxxxxxxxxxxxxxxxxx
Subject: [Sheflug] Re: Security : Port scanning
From: Richard Ibbotson <richard [at] xxxxxxxxxxxxx>
Date: Thu, 8 May 2003 10:27:34 +0100
Delivered-to: shef-lug [at] list.sheflug.org.uk
List-help: <mailto:shef-lug-request [at] list.sheflug.org.uk?subject=help>
List-id: Sheflug <shef-lug.list.sheflug.org.uk>
List-post: <mailto:shef-lug [at] list.sheflug.org.uk>
List-subscribe: <http://community.uklinux.net/mailman/listinfo/shef-lug>,<mailto:shef-lug-request [at] list.sheflug.org.uk?subject=subscribe>
List-unsubscribe: <http://community.uklinux.net/mailman/listinfo/shef-lug>,<mailto:shef-lug-request [at] list.sheflug.org.uk?subject=unsubscribe>
Organization: Sheffield Linux User's Group
Reply-to: shef-lug [at] xxxxxxxxxxxxxxxxxxx
Sender: shef-lug-admin [at] xxxxxxxxxxxxxxxxxxx
User-agent: KMail/1.5.1

Chris


> My own logs are much worse than this :)


In reply to myself and example of what was happening at 10.15 this 
morning....  I was being scanned from ....   217.228.102.98....  dig 
-x reveals....


; <<>> DiG 9.2.2 <<>> -x 217.228.102.98
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45520
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 5, ADDITIONAL: 5

;; QUESTION SECTION:
;98.102.228.217.in-addr.arpa.   IN      PTR

;; ANSWER SECTION:
98.102.228.217.in-addr.arpa. 86024 IN   PTR     
pD9E46662.dip.t-dialin.net.

;; AUTHORITY SECTION:
102.228.217.in-addr.arpa. 86024 IN      NS      dns01.btx.dtag.de.
102.228.217.in-addr.arpa. 86024 IN      NS      dns04.btx.dtag.de.
102.228.217.in-addr.arpa. 86024 IN      NS      dns51.t-ipnet.de.
102.228.217.in-addr.arpa. 86024 IN      NS      pns.dtag.de.
102.228.217.in-addr.arpa. 86024 IN      NS      
techfac.techfak.uni-bielefeld.de.

;; ADDITIONAL SECTION:
dns01.btx.dtag.de.      3823    IN      A       194.25.2.130
dns04.btx.dtag.de.      3823    IN      A       194.25.2.133
dns51.t-ipnet.de.       3823    IN      A       217.5.100.186
pns.dtag.de.            2213    IN      A       194.25.0.125
techfac.techfak.uni-bielefeld.de. 462 IN A      129.70.132.100

;; Query time: 90 msec
;; SERVER: 194.247.47.47#53(194.247.47.47)
;; WHEN: Thu May  8 10:18:07 2003
;; MSG SIZE  rcvd: 306




What this probably means is that someone else is using someones 
connection at home or in the office without the owner knowing about 
it.  Making a claim that a certain company or individual is doing it 
is wrong because it's frequently the case that this is not so.  You 
normally find that the persons computer is being used from somewhere 
like the U.S or Japan or Taiwan by a remote operator.

You have to think about the info that you are looking at and ignore 
it.  Or, use it wisely.


-- 
Richard
___________________________________________________________________

Sheffield Linux User's Group -
http://www.sheflug.co.uk/mailfaq.html

  GNU the choice of a complete generation.

References:
- RE: [Sheflug] Security : Port scanning
  - From: Chris Johnson
- [Sheflug] Re: Security : Port scanning
  - From: Richard Ibbotson

Prev by Date: Re: [Sheflug] Re: Security : Port scanning
Next by Date: RE: [Sheflug] Re: Security : Port scanning
Previous by thread: Re: [Sheflug] Re: Security : Port scanning
Next by thread: RE: [Sheflug] Security : Port scanning
Index(es):
- Date
- Thread