You mean you are scanned thru the ports in the 2100 range and/or the 2400 range? Huh. At first, I thought you meant ports 21-24, which would make obvious sense but I am not clear on the intent for checking out the 2100s or 2400s. I have been running different types of scans against 63.98.105.3 and can neither make an OS determination nor find any port that is not filtered. Not even port 22 is open, so whoever it is doesn't use ssh. The other filtered ports indicate that this person also isn't running any kind of ftp server (or permit any kind of ftp access to him/herself or anyone else for that matter). No telnet access either. Often, I have found that when I get a "too many fingerprints to make an accurate OS guess" message (nmap), it turns out to be because it is receiving mixed fingerprints, possibly due to the fact that SOME port on the 63.98.105.3 box is open to the world while everything else is filtered through a different firewall box (not a sure thing but this is my experience thus far). On my own system at home, if I scan it from a remote location I get the "too many fingerprints" message, though I am running linux. The reason is that I have a cisco box between my box and the net and I have setup a port forward in the cisco box. Nmap sees responses from both the cisco AND my linux box, via port 22, so it screws up the ID. If I dump the port forward, nmap identifies the box as a Cisco. I am still trying, merely as a learning exercise at this point, to get ANY useful information from 63.98.105. Anthony Russello wrote: > > I'm not getting attacked from this alter.net IP, but I am being > constantly scanned on consecutive ports usually ranging in the 21xx or > 24xx range. My firewall (a windows based firewall/proxy ap on an > NT4 server) blocks both of these ranges, so all I see are requests on port > 21xx and each is denied. > > There are 3 separate IP addresses doing this, but they are one after the > other scanning ports in consecutive order. > > Anyone ever seen anything like this? > > > You are not alone, I've also been attacked by someone from this > > alter.net site. Do a google search for alter.net and you should find > > more information. > > > > From my searches, alter.net is a small? ISP in BC canada... > > > > > > On Wed, 29 Nov 2000 22:17:42 -0800, you wrote: > > > > >There is an ip number that started showing up in my postfix logs > > >as trying to access my smtp server (and access was apparently > > >denied each time). I assumed that someone was trying to use > > >my machine as a relay. To make sure that they can't get through, [...]
Keep in touch with http://mandrakeforum.com: Subscribe the "[EMAIL PROTECTED]" mailing list.