Hi all
Some interesting discussion going on here re: 'Someone is scanning me'
Do you guys actually get time to do any work? (kidding)
I get scans all the time but lately these alerts have been showing in my
FW log with a destination of who knows?
Feb 19 08:06:45 gw kernel: securityalert: tcp if=ppp0 from 24.27.38.162:3721 to 210.9.41.5 on unserved port 8080
Feb 19 08:06:45 gw kernel: securityalert: tcp if=ppp0 from 24.27.38.162:3719 to 210.9.41.4 on unserved port 8080
Feb 19 08:06:45 gw kernel: securityalert: tcp if=ppp0 from 24.27.38.162:3723 to 210.9.41.6 on unserved port 8080
Feb 19 08:06:45 gw kernel: securityalert: tcp if=ppp0 from 24.27.38.162:3725 to 210.9.41.7 on unserved port 8080
Feb 19 08:42:19 gw kernel: securityalert: udp if=ppp0 from 199.4.142.161:137 to 210.9.41.5 on unserved port 137
Feb 19 08:42:27 gw kernel: securityalert: udp if=ppp0 from 199.4.142.161:137 to 210.9.41.6 on unserved port 137
Feb 19 08:42:34 gw kernel: securityalert: udp if=ppp0 from 199.4.142.161:137 to 210.9.41.7 on unserved port 137
Feb 19 17:02:07 gw kernel: securityalert: tcp if=ppp0 from 200.16.84.11:25685 to 210.9.41.5 on unserved port 143
My traceroute to 24.27.38.162 got cs2738-162.austin.rr.com
My traceroute to 210.9.41.5 got as far as FFAVA-RECYT4-128.secyt.gov.ar (200.9.245.18) 1029.140 ms 1021.824 ms
Looks like Austin, Texas going to somewhere in Argentina?
The question is how did these packets end up at my firewall? Is it
routing? DNS?
We do not support or advertise a webserver in our domain.
Who can I talk to about this? My ISP? Their ISP?
Cheers
TIA
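
Added example, not part of the original post: a small Python parser for the "securityalert" record layout quoted above that groups alerts by source, protocol and destination port, so one source touching several destination addresses on the same port shows up as a single sweep entry. The function names, the sweep_min threshold and the sample records (documentation address ranges) are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Record layout copied from the alerts in the post. \s+ between fields lets a
# record match even where the mail client wrapped it onto a second line.
ALERT_RE = re.compile(
    r"(?P<ts>[A-Z][a-z]{2}\s+\d{1,2}\s+\d\d:\d\d:\d\d)\s+\S+\s+kernel:\s+"
    r"securityalert:\s+(?P<proto>tcp|udp)\s+if=(?P<iface>\S+)\s+from\s+"
    r"(?P<src>\d+(?:\.\d+){3}):(?P<sport>\d+)\s+to\s+"
    r"(?P<dst>\d+(?:\.\d+){3})\s+on\s+unserved\s+port\s+(?P<dport>\d+)"
)

# Constructed sample records (documentation addresses), some wrapped, one not.
SAMPLE = """\
Feb 19 08:06:45 gw kernel: securityalert: tcp if=ppp0 from
198.51.100.7:3721 to 192.0.2.5 on unserved port 8080
Feb 19 08:06:45 gw kernel: securityalert: tcp if=ppp0 from
198.51.100.7:3723 to 192.0.2.6 on unserved port 8080
Feb 19 08:06:46 gw kernel: securityalert: tcp if=ppp0 from 198.51.100.7:3725 to 192.0.2.7 on unserved port 8080
Feb 19 17:02:07 gw kernel: securityalert: tcp if=ppp0 from
203.0.113.9:25685 to 192.0.2.5 on unserved port 143
"""

def parse_alerts(text):
    """Return one dict of named fields per alert record found in text."""
    return [m.groupdict() for m in ALERT_RE.finditer(text)]

def summarize(alerts, sweep_min=3):
    """Group by (source, protocol, dest port); flag multi-address sweeps."""
    groups = defaultdict(lambda: {"dsts": set(), "times": []})
    for a in alerts:
        g = groups[(a["src"], a["proto"], int(a["dport"]))]
        g["dsts"].add(a["dst"])
        g["times"].append(a["ts"])
    return [
        {"src": src, "proto": proto, "dport": dport, "alerts": len(g["times"]),
         "dsts": sorted(g["dsts"]), "first": g["times"][0],
         "last": g["times"][-1], "sweep": len(g["dsts"]) >= sweep_min}
        for (src, proto, dport), g in groups.items()
    ]

if __name__ == "__main__":
    for row in summarize(parse_alerts(SAMPLE)):
        print(row)
```

The per-source summary (first and last timestamp, protocol, port, destination list) is the kind of evidence an ISP abuse desk will ask for.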