On Fri, Oct 21, 2011 at 9:41 AM, Danny Ching <[email protected]> wrote: > [LAN access from remote] from 46.105.180.237:49422 to 10.0.0.3:80 Friday, > Oct 21,2011 09:38:32 > [LAN access from remote] from 46.105.180.237:33853 to 10.0.0.3:80 Friday, > Oct 21,2011 09:38:21 > [LAN access from remote] from 46.105.180.237:20773 to 10.0.0.3:80 Friday, > Oct 21,2011 09:38:11 > [LAN access from remote] from 46.105.180.237:62627 to 10.0.0.3:80 Friday, > Oct 21,2011 09:38:01 > [LAN access from remote] from 46.105.180.237:54914 to 10.0.0.3:80 Friday, > Oct 21,2011 09:37:50 > someone is accessing my server on this port. why are the source ports > random?
Client source ports are supposed to be random; attempts to connect every 10 seconds or so isn't. Whois says its IP is from a UK hosting service,[0] so most probably (a) some compromised server on their end trying to get to another box, or (b) a legit (but possibly misconfigured) server that's supposed to monitor if another service is alive :P [0]: http://new.whois.net/whois/46.105.180.237 -- Zak B. Elep || zakame.net 1486 7957 454D E529 E4F1 F75E 5787 B1FD FA53 851D _________________________________________________ Philippine Linux Users' Group (PLUG) Mailing List http://lists.linux.org.ph/mailman/listinfo/plug Searchable Archives: http://archives.free.net.ph
