Hello, I am seeing an inordinate amount of packages dropped on my firewall - all coming from the same source and hitting a very limited range of ports (as reported by psad):

=-=-=-=-=-=-=-=-=-=-=-= Mon Feb 19 10:34:03 2007 =-=-=-=-=-=-=-=-=-=-=-=

         Danger level: [1] (out of 5)

    Scanned tcp ports: [10258: 1 packets]
            tcp flags: [SYN: 1 packets, Nmap: -sT or -sS]
       Iptables chain: INPUT (prefix "Shorewall:net2all:DROP:"), 1 packets

               Source: 65.173.218.96
                  DNS: maverick14.sans.org

          Destination: XXX.XXX.XXX.XXX
                  DNS: my.firewall.at.home

      Syslog hostname: firewall

     Current interval: Mon Feb 19 10:33:58 2007 (start)
                       Mon Feb 19 10:34:03 2007 (end)

   Overall scan start: Mon Feb 19 08:19:11 2007
   Total email alerts: 6
   Complete tcp range: [10256-10258]

      chain:   interface:   tcp:   udp:   icmp:
      INPUT    eth0         10     0      0
-------

Similar scans have been happening for weeks now, always from the same address. I realize that except for the fact that my firewall is running Debian (Sarge with some packages from Etch) this question is probably off-topic, but if anyone knows why I might be getting all this traffic, I would appreciate any hints.

Thanks
--j