Topic: Portscan from SME 5.6

[guest22]

Hi,

I received a report from an external party that my SME 5.6 performed a portscan on _their_ server. Here's their log:

--------
detected (ports: 1153/tcp, 1154/tcp, 1155/tcp, 1162/tcp,
1166/tcp, 1169/tcp, 1168/tcp, 1173/tcp, 1188/tcp, 1187/tcp, 1201/tcp,
1204/tcp, 1206/tcp, 1220/tcp, 1217/tcp, 1221/tcp, 1232/tcp, 1234/tcp,
1224/tcp, 1226/tcp).
--------

Ofcourse I don't scan other hosts and I am not aware of any other component on the server that does this. Also I checked for intrusions on my own server and checked for rootkits as well, all clear.

Does anybody have seen something similar?

TIA

RequestedDeletion

[robert_from_au]

No scan from you in my logs..
Thing is we get scanned all the time. 1000's of probes. After a while I just let Ari-mitel-acid & guardian do their thing...
I have taken to deleting the "firewall change" notifications to admin as guardian was blocking 20 IP's an hour.

Do you need an external scan on your server to see what's open?
robert
www.sme-server.net

[warren]

Hi RequestedDeletion ,

Is this not just someone spoofing your ip when the scanner was run ?

Warren