Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
Groups > comp.os.linux.security > #124
| From | Chris Davies <chris-usenet@roaima.co.uk> |
|---|---|
| Newsgroups | comp.os.linux.security |
| Subject | Re: What is it? |
| Date | 2012-04-20 16:52 +0100 |
| Organization | Roaima. Harrogate, North Yorkshire, UK |
| Message-ID | <aad869xv0h.ln2@news.roaima.co.uk> (permalink) |
| References | <jmllk2$355$1@speranza.aioe.org> <u5t469xda9.ln2@news.roaima.co.uk> <jmrat8$6c0$1@speranza.aioe.org> |
"õÂÉÔØ ÓÐÁÍÅÒÁ" <dev@null.id> wrote: > Чт., 19 апр. 2012 10:58:22 числа Chris Davies написал: >> "????? ???????" <dev@null.id> wrote: >>> Why they scan strange DPTs? >>> SRC=65.49.14.73 DST=x.x.x.x LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=0 DF PROTO=TCP SPT=80 DPT=51294 WINDOW=5792 RES=0x00 ACK SYN URGP=0 >> >> These look like web requests from DST to SRC. Either your iptables >> logging has SRC and DST the wrong way round or else something's trying >> to creep through a naive packet filter. I'd be inclined to go with the >> former suggestion. > Too many hosts from one network listen 80 port. It is not strange? No. Read what I said again. These are almost certainly mis-logged requests from YOUR system to web servers running on the remote systems such as 65.49.14.73. Chris
Back to comp.os.linux.security | Previous | Next — Previous in thread | Find similar
What is it? "õÂÉÔØ ÓÐÁÍÅÒÁ" <dev@null.id> - 2012-04-18 06:05 +0000
Re: What is it? Chris Davies <chris-usenet@roaima.co.uk> - 2012-04-19 08:58 +0100
Re: What is it? "õÂÉÔØ ÓÐÁÍÅÒÁ" <dev@null.id> - 2012-04-20 09:39 +0000
Re: What is it? Chris Davies <chris-usenet@roaima.co.uk> - 2012-04-20 16:52 +0100
csiph-web