Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Firewalls
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Getting hit with request

from [Phil Dyer] Network Security [Permanent Link]
Subject: Re: Getting hit with request
Date: Thu, 28 Oct 2004 21:50:21 -0400 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Tony Sodaro (sodaro.com) wrote:

Can someone explain why the server is probing my IP:



Source:66.103.146.100, 3494, WAN -      Destination:x.x.x.x, 9562, LAN

Source:66.103.146.100, 3494, WAN -      Destination:x.x.x.x, 2913, LAN

Source:66.103.146.100, 3494, WAN -      Destination:x.x.x.x, 3858, LAN

Source:66.103.146.100, 3494, WAN -      Destination:x.x.x.x, 10122, LAN


You don't say what the box on your side is. Is it your home cable/dsl
line? A server with static IP? Looks like an nmap scan to me. From what
you show, it doesn't look any different than what I see 3000 times a day
on my /24.

If your box is on a dsl connection, maybe the probe was meant for the
user that had that ip before you. Perhaps the admin of the server was
grepping through his logs and saw an attack or probe and decided to
probe back, but now the ip had changed hands. Maybe the server is
r00t3d. To wide open for speculation. Insert grassy knoll here.

+==========================
+ Phil Dyer
+ email: phil.dyer@cox.net
+==========================


-----BEGIN PGP SIGNATURE-----
Comment: Public Key: http://www.dyermaker.org/gpgkey.asc

iD8DBQFBgaHd0q9tKssDeQcRApMGAJ9m/LGNAU5uicfXT412i+pPdIlxZACeLDhU
ISUdu4AlB0glxCmXQ/ZBorY=
=x+A0
-----END PGP SIGNATURE-----
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: Win XP SP2 firewall problem..., Matt Willson
Next by Date:  RE: Iptables rules comparation, Bugtraq
Previous by Thread:  Getting hit with request, Tony Sodaro \(sodaro.com\)
Next by Thread:  PIX 535 question, Bhargav Vyas
Indexes:  [Date] [Thread] [Top] [All Lists]