Full Version: Help!
Robert83
Hi,

So it happened eventually. I think a person found something interesting about my IP address: connections to port 30xxx+ are coming in from 152.2.210.121, slowly, but as I see it he's trying out some ports....

What to do?

It says in WHOIS that it's from the California University.... Should I send an e-mail to them with the iptables log about that specific IP address, and ask them really nicely to do something about it?

Or should I just do that drop-and-log-it for this IP address specifically?


Sincerely
Robert B
hughesjr
I would definitely do a drop-and-log on his specific IP address ... and I would find the abuse e-mail address and mail them the iptables results (if it continues).

More likely than not, he will get tired and move to another (less secure) target (if it is being done on purpose).... Remember ... lots of times the scans are really computers infected with a worm/virus and the PC owner just doesn't know. If he is continuously looking at a specific port, you can check out that port at:

http://isc.incidents.org/port_details.html

Input the port number and it will tell you if that port is being scanned by lots of people ... why someone would want to scan it, what runs on it, etc.

Also check out the home page for incidents.org (they have more than just the ports info).
hughesjr
Also remember that if people inside your network are doing things like Kazaa, LimeWire (even BitTorrent and regular active FTP vice passive FTP), then they could be causing what looks like an unsolicited event when it is not.
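
Added example (not part of the thread and not any poster's code): a small summarizer for iptables LOG lines that groups ports probed per source and separates bare-SYN connection attempts from ACK-bearing replies and port-20 active-FTP data connections, the two cases raised in the replies above. The log prefixes, the 192.0.2.10 destination, the two extra source addresses and all log lines are constructed assumptions.

```python
import re
from collections import defaultdict

# Per-IP rules as discussed in the thread; LOG must sit above DROP (prefix is assumed):
#   iptables -I INPUT 1 -s 152.2.210.121 -j LOG --log-prefix "SCAN-DROP: "
#   iptables -I INPUT 2 -s 152.2.210.121 -j DROP

# Constructed, abridged sample lines in the kernel's iptables LOG format (not from the thread).
SAMPLE_LOG = """\
Mar  3 10:01:12 gw kernel: SCAN-DROP: IN=eth0 OUT= SRC=152.2.210.121 DST=192.0.2.10 PROTO=TCP SPT=41000 DPT=30001 WINDOW=5840 RES=0x00 SYN URGP=0
Mar  3 10:09:40 gw kernel: SCAN-DROP: IN=eth0 OUT= SRC=152.2.210.121 DST=192.0.2.10 PROTO=TCP SPT=41007 DPT=30002 WINDOW=5840 RES=0x00 SYN URGP=0
Mar  3 10:21:05 gw kernel: SCAN-DROP: IN=eth0 OUT= SRC=152.2.210.121 DST=192.0.2.10 PROTO=TCP SPT=41019 DPT=30005 WINDOW=5840 RES=0x00 SYN URGP=0
Mar  3 10:22:31 gw kernel: INPUT-LOG: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=20 DPT=30100 WINDOW=5840 RES=0x00 SYN URGP=0
Mar  3 10:23:02 gw kernel: INPUT-LOG: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=6881 DPT=30450 WINDOW=6432 RES=0x00 ACK PSH URGP=0
"""

FIELD = re.compile(r"\b(SRC|DST|PROTO|SPT|DPT)=(\S+)")
FLAGS = re.compile(r"RES=\S+ ((?:[A-Z]+ )+)URGP=")  # TCP flags sit between RES= and URGP=

def summarize(log_text):
    """Per source IP: destination ports seen, bare-SYN count, ACK count, port-20 SYN count."""
    report = defaultdict(lambda: {"ports": set(), "syn_only": 0, "has_ack": 0, "ftp_data": 0})
    for line in log_text.splitlines():
        f = dict(FIELD.findall(line))
        if f.get("PROTO") != "TCP" or "SRC" not in f or "DPT" not in f:
            continue
        m = FLAGS.search(line)
        flags = set(m.group(1).split()) if m else set()
        entry = report[f["SRC"]]
        entry["ports"].add(int(f["DPT"]))
        if "ACK" in flags:
            entry["has_ack"] += 1      # part of a connection that already exists
        elif "SYN" in flags:
            entry["syn_only"] += 1     # new inbound connection attempt
            if f.get("SPT") == "20":
                entry["ftp_data"] += 1  # active-FTP data channel opened by the server
    return report

if __name__ == "__main__":
    for src, e in summarize(SAMPLE_LOG).items():
        print(src, sorted(e["ports"]), e["syn_only"], e["has_ack"], e["ftp_data"])
```

A source showing only bare SYNs spread over several ports is the one worth including in a mail to the abuse contact; ACK-bearing or source-port-20 entries are more likely tied to clients inside the network.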