Right, *not* distributed. Also, s/minutes/seconds/ -- my bad. :P

On Fri, Oct 21, 2011 at 11:27, fooler mail <[email protected]> wrote:
> On Fri, Oct 21, 2011 at 11:12 AM, Danny Ching <[email protected]> wrote:
>>
>> On Fri, Oct 21, 2011 at 10:44 AM, Ian Dexter R. Marquez
>> <[email protected]> wrote:
>>>
>>> On Fri, Oct 21, 2011 at 09:41, Danny Ching <[email protected]> wrote:
>>> > someone is accessing my server on this port. why are the source ports
>>> > random?
>>>
>>> Client source ports are supposed to be random (ephemeral ports).
>>> Someone from 46.105.180.237 is trying to contact the web server at
>>> 10.0.0.3 every 10 minutes. Possible DDOS?
>>
>> DDOS is what went through my mind, but only from one address? Anyways will
>> continue to monitor this. Thanks.
>
> it is not a *distributed* denial of service attack (DDOS) because of a
> single source IP :-> pattern shows it probing or scanning your web
> server every 10 seconds..
>
> it is not likely a legitimate access because of the 10 seconds interval..
>
> you got a random source port because of ephemeral ports...  the client
> side connects and disconnects every 10 seconds.. that is why you see
> different source ports...
>
> it is just normal if your server is put online on the internet... what is
> most important.. your web server is updated with the latest security
> patches...
>
> fooler.
> _________________________________________________
> Philippine Linux Users' Group (PLUG) Mailing List
> http://lists.linux.org.ph/mailman/listinfo/plug
> Searchable Archives: http://archives.free.net.ph
>



-- 
Ian Dexter R. Marquez
http://iandexter.com
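
An added example, not part of the original thread: a small Python check for the pattern discussed above, one source reconnecting at a fixed interval with a different ephemeral source port each time. The tcpdump-style log lines, the second address (192.0.2.44), and the thresholds are constructed assumptions; only 46.105.180.237 and 10.0.0.3 come from the thread.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample capture (SYN packets only); not the poster's real output.
SAMPLE = """\
09:30:00.101 IP 46.105.180.237.51234 > 10.0.0.3.80: Flags [S]
09:30:10.098 IP 46.105.180.237.38817 > 10.0.0.3.80: Flags [S]
09:30:13.500 IP 192.0.2.44.40112 > 10.0.0.3.80: Flags [S]
09:30:20.103 IP 46.105.180.237.60422 > 10.0.0.3.80: Flags [S]
09:30:30.099 IP 46.105.180.237.44790 > 10.0.0.3.80: Flags [S]
09:30:40.102 IP 46.105.180.237.57003 > 10.0.0.3.80: Flags [S]
09:31:47.250 IP 192.0.2.44.40127 > 10.0.0.3.80: Flags [S]
09:33:02.900 IP 192.0.2.44.40131 > 10.0.0.3.80: Flags [S]
"""

# time, source IP, source port, destination IP, destination port
LINE = re.compile(
    r"^(\d\d:\d\d:\d\d\.\d+) IP (\d+(?:\.\d+){3})\.(\d+) > "
    r"(\d+(?:\.\d+){3})\.(\d+): Flags \[S\]"
)

def summarize(text, min_hits=4, max_jitter=0.5):
    """Group SYNs by (src, dst, dst port) and flag fixed-interval sources.

    min_hits and max_jitter (seconds) are assumed thresholds; tune per site.
    """
    seen = defaultdict(list)
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # ignore anything that is not a SYN line in this format
        ts = datetime.strptime(m.group(1), "%H:%M:%S.%f")
        key = (m.group(2), m.group(4), int(m.group(5)))
        seen[key].append((ts, int(m.group(3))))
    report = {}
    for key, hits in seen.items():
        if len(hits) < 2:
            continue  # a single connection has no interval to measure
        hits.sort()
        gaps = [(b[0] - a[0]).total_seconds() for a, b in zip(hits, hits[1:])]
        report[key] = {
            "hits": len(hits),
            "distinct_src_ports": len({port for _, port in hits}),
            "mean_gap": mean(gaps),
            # Regular spacing (low deviation) suggests a script, not a person.
            "periodic": len(hits) >= min_hits and pstdev(gaps) <= max_jitter,
        }
    return report
```

Changing source ports alone mean nothing, since every new client connection gets a fresh ephemeral port; the fixed spacing between connections is the signal.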