From the traceroute info, it's a RR customer in South Carolina.
Get you trace logs together from the scan attempt, provide the time zone and time of day that the scans took place, your IP address at the time of the incident and send them off to [EMAIL PROTECTED] and let them deal with it.
You're going to see a lot of this kind of junk on broadband connections. I usually just ignore it unless the person is plain just being obnoxious about it.
Nothing you do will ward-off port scan attempts. They're going to port scan you no matter what you have in place. Just make sure you have some kind of firewall in place to keep them out.
Jeff G.
James Brigman wrote:
Hey guys;
How's service for you guys with time warner cable in the Raleigh area? I'm having a little bit of trouble with port scans coming from a particular host. Here's what the log entry looks like:
Wed, 03/23/2005 13:53:05 - TCP connection dropped - Source:24.88.87.240, 3307, WAN - Destination:24.88.248.163, 80, LAN - 'Possible Port Scan'
I'm getting lots of these all day long. Does 24.88.87.240 ring a bell with anyone? Are there any defensive measures I can take with a basic firmware firewall? Would rolling my own Linux firewall give me any good options for warding off these port scans?
JKB
-- Law of Procrastination: Procrastination avoids boredom; one never has the feeling that there is nothing important to do.
-- TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug TriLUG Organizational FAQ : http://trilug.org/faq/ TriLUG Member Services FAQ : http://members.trilug.org/services_faq/ TriLUG PGP Keyring : http://trilug.org/~chrish/trilug.asc
