Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
Groups > comp.os.linux.security > #122
| From | Chris Davies <chris-usenet@roaima.co.uk> |
|---|---|
| Newsgroups | comp.os.linux.security |
| Subject | Re: What is it? |
| Date | 2012-04-19 08:58 +0100 |
| Organization | Roaima. Harrogate, North Yorkshire, UK |
| Message-ID | <u5t469xda9.ln2@news.roaima.co.uk> (permalink) |
| References | <jmllk2$355$1@speranza.aioe.org> |
"õÂÉÔØ ÓÐÁÍÅÒÁ" <dev@null.id> wrote: > Why they scan strange DPTs? > SRC=65.49.14.73 DST=x.x.x.x LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=0 DF PROTO=TCP SPT=80 DPT=51294 WINDOW=5792 RES=0x00 ACK SYN URGP=0 These look like web requests from DST to SRC. Either your iptables logging has SRC and DST the wrong way round or else something's trying to creep through a naive packet filter. I'd be inclined to go with the former suggestion. Chris
Back to comp.os.linux.security | Previous | Next — Previous in thread | Next in thread | Find similar
What is it? "õÂÉÔØ ÓÐÁÍÅÒÁ" <dev@null.id> - 2012-04-18 06:05 +0000
Re: What is it? Chris Davies <chris-usenet@roaima.co.uk> - 2012-04-19 08:58 +0100
Re: What is it? "õÂÉÔØ ÓÐÁÍÅÒÁ" <dev@null.id> - 2012-04-20 09:39 +0000
Re: What is it? Chris Davies <chris-usenet@roaima.co.uk> - 2012-04-20 16:52 +0100
csiph-web