Koozali.org: home of the SME Server

Legacy Forums => Experienced User Forum => Topic started by: guest22 on February 19, 2004, 01:25:47 PM

Title: Portscan from SME 5.6
Post by: guest22 on February 19, 2004, 01:25:47 PM: Hi,

I received a report from an external party that my SME 5.6 performed a portscan on _their_ server. Here's their log:

--------
detected (ports: 1153/tcp, 1154/tcp, 1155/tcp, 1162/tcp,
1166/tcp, 1169/tcp, 1168/tcp, 1173/tcp, 1188/tcp, 1187/tcp, 1201/tcp,
1204/tcp, 1206/tcp, 1220/tcp, 1217/tcp, 1221/tcp, 1232/tcp, 1234/tcp,
1224/tcp, 1226/tcp).
--------

Ofcourse I don't scan other hosts and I am not aware of any other component on the server that does this. Also I checked for intrusions on my own server and checked for rootkits as well, all clear.

Does anybody have seen something similar?

TIA

RequestedDeletion
Title: scan
Post by: robert_from_au on February 19, 2004, 01:39:02 PM: No scan from you in my logs..
Thing is we get scanned all the time. 1000's of probes. After a while I just let Ari-mitel-acid & guardian do their thing...
I have taken to deleting the "firewall change" notifications to admin as guardian was blocking 20 IP's an hour.

Do you need an external scan on your server to see what's open?
robert
www.sme-server.net
Title: Portscan from SME 5.6
Post by: warren on February 20, 2004, 11:02:12 AM: Hi RequestedDeletion ,

Is this not just someone spoofing your ip when the scanner was run ?

Warren

SMF 2.0.19 | SMF © 2021, Simple Machines
Privacy Policy | Terms and Policies