Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Security Incidents: Re: scan log

Re: scan log

From: Jason Witty <jason_at_WITTYS.COM>
Date: Mon, 12 Jun 2000 18:29:28 -0500

Max,

This looks an aweful lot like an valid FTP data connection to me (based on
the source port {20}).

Jason

At 10:30 PM 6/11/00 -0500, Max Gribov wrote:
>this are logs of a port scan i have recently recieved on one of my
>machines. i searched for those ports in all known port databases to me,
>but couldnt find anything. why would someone scan that specific range
>(observe the precise inrementation) of ports on a linux machine?
>
>Jun 11 22:20:21 mordor scanlogd: From 209.3.31.70:20 to 151.202.106.23
>ports 2632, 2633, 2634, 2635, 2636, 2637, 2638, 2639, 2640, ..., flags
>??r??u, TOS 00, TTL 60, started at 22:20:13
>
>
>--
>Max Gribov
>System Administrator
>
>Knowledge Propulsion Laboratories
>www.kplab.com
>
>
Received on Jun 14 2000

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
edgeos