On Sat, 31 Mar 2001, Mikhail Kovalenko wrote:
> Mike Miller wrote:
>
> > My understanding is that it is *not* illegal to scan. But when I am
> > scanned (on several Sun computers on two subnets on campus), I report it
> > to the ISP of the offending machine.
>
> Mike, could you post an example of such a report? My machines get
> scanned on a regular basis, probes often coming in from several places
> at once:
>
> Mar 26 17:37:25 kernel: Packet log: input DENY eth0 PROTO=1
> 209.225.26.99:8 (#12)
> Mar 26 17:37:25 kernel: Packet log: input DENY eth0 PROTO=1
> 216.33.46.132:8 (#12)
> Mar 26 17:37:25 kernel: Packet log: input DENY eth0 PROTO=1
> 64.69.165.251:8 (#12)
> Mar 26 17:37:25 kernel: Packet log: input DENY eth0 PROTO=1
> 209.225.26.99:8 (#12)
> Mar 26 17:37:26 kernel: Packet log: input DENY eth0 PROTO=1
> 64.69.165.251:8 (#12)
> Mar 26 17:37:26 kernel: Packet log: input DENY eth0 PROTO=1
> 216.33.46.132:8 (#12)

Sure, I appended a typical report below -- it shows entries from my iplog
files. I have the various machines send me logs by e-mail, then I use
scripts to extract log entries. I have a file that I use as a form
letter. It's a bit of work, but it has been interesting.

What are you using? Your log doesn't look like iplog or tcp_wrappers log.
I don't understand from your log which port those machines were accessing.
Is it possible that your machine did something to evoke those responses?
Otherwise you are saying that it is a coordinated effort by at least three
different machines. I haven't had that happen to me during the one year
while I've been keeping track of these things.

Mike
--------------------------------------------------------------------------
Date: Sat, 31 Mar 2001 02:19:37 -0600 (CST)
From: Mike Miller <EMAIL:PROTECTED>
To: EMAIL:PROTECTED
Subject: sunrpc scan from aux-209-217-19-196.oklahoma.net
This sunrpc scan (info appended) hit all five Sun computers on our two
departmental subnets. The times given below are extremely accurate and
they are in the CST zone (-0600). Let us know if you are able to do
anything about this problem.
Thanks in advance,
Michael B. Miller, Ph.D.
Research Assistant Professor
Department of Psychological Sciences
University of Missouri--Columbia
http://taxa.psyc.missouri.edu/~mbmiller/
--------------------------------------------------------------------------
Lines from martha iplog.log file:
Mar 30 00:34:17 TCP: sunrpc connection attempt from aux-209-217-19-196.oklahoma.net:111
Mar 30 00:34:17 TCP: sunrpc connection attempt from aux-209-217-19-196.oklahoma.net:4242
Mar 30 00:34:17 TCP: sunrpc connection attempt from aux-209-217-19-196.oklahoma.net:907
Lines from moose iplog.log file:
Mar 30 00:34:14 TCP: sunrpc connection attempt from aux-209-217-19-196.oklahoma.net:111
Mar 30 00:34:14 TCP: sunrpc connection attempt from aux-209-217-19-196.oklahoma.net:4211
Mar 30 00:34:14 TCP: sunrpc connection attempt from aux-209-217-19-196.oklahoma.net:879
Lines from squirrel iplog.log file:
Mar 30 00:34:17 TCP: sunrpc connection attempt from aux-209-217-19-196.oklahoma.net:111
Mar 30 00:34:17 TCP: sunrpc connection attempt from aux-209-217-19-196.oklahoma.net:4240
Mar 30 00:34:17 TCP: sunrpc connection attempt from aux-209-217-19-196.oklahoma.net:906
Lines from sherman iplog.log file:
Mar 30 00:34:14 TCP: sunrpc connection attempt from aux-209-217-19-196.oklahoma.net:111
Mar 30 00:34:14 TCP: sunrpc connection attempt from aux-209-217-19-196.oklahoma.net:4213
Mar 30 00:34:14 TCP: sunrpc connection attempt from aux-209-217-19-196.oklahoma.net:880
Lines from taxa iplog.log file:
Mar 30 00:34:17 TCP: sunrpc connection attempt from aux-209-217-19-196.oklahoma.net:111
Mar 30 00:34:17 TCP: sunrpc connection attempt from aux-209-217-19-196.oklahoma.net:4241
Mar 30 00:34:17 TCP: sunrpc connection attempt from aux-209-217-19-196.oklahoma.net:908
--
To manage your subscription, go to http://mlug.missouri.edu/members/edit.php
Archives are available at http://mlug.missouri.edu/list-archives/
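
The extraction step described in the message above (collect iplog entries from several machines, group them by the probing host, and lay them out per machine as in the appended report) can be sketched as follows. This is an added example, not Mike's scripts: the host names and log contents are constructed, and the `min_machines` threshold is an assumption.

```python
import re
from collections import defaultdict

# iplog line format as it appears in the report above:
#   "Mar 30 00:34:17 TCP: sunrpc connection attempt from host:port"
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) (?P<proto>\w+): "
    r"(?P<svc>\S+) connection attempt from (?P<src>[^\s:]+):(?P<sport>\d+)$"
)

# Constructed sample logs, keyed by the machine that mailed them in.
SAMPLE_LOGS = {
    "alpha": """\
Mar 30 00:34:14 TCP: sunrpc connection attempt from scanner.example.net:111
Mar 30 00:34:14 TCP: sunrpc connection attempt from scanner.example.net:4211
Mar 30 09:02:51 TCP: telnet connection attempt from colleague.example.org:1033
""",
    "beta": """\
Mar 30 00:34:17 TCP: sunrpc connection attempt from scanner.example.net:111
Mar 30 00:35:02 (constructed line in some other format, ignored)
""",
}

def group_by_source(logs):
    """Return {(source, service): {machine: [raw lines]}}; unparsed lines are skipped."""
    hits = defaultdict(lambda: defaultdict(list))
    for machine, text in logs.items():
        for line in text.splitlines():
            m = LINE_RE.match(line.strip())
            if m:
                hits[(m["src"], m["svc"])][machine].append(line.strip())
    return hits

def build_reports(logs, min_machines=2):
    """One report body per source that probed at least min_machines machines."""
    reports = {}
    for (src, svc), per_machine in group_by_source(logs).items():
        if len(per_machine) < min_machines:
            continue  # a single hit on one host is weak evidence of a sweep
        parts = [f"Subject: {svc} scan from {src}", ""]
        for machine in sorted(per_machine):
            parts.append(f"Lines from {machine} iplog.log file:")
            parts.extend(per_machine[machine])
        reports[src] = "\n".join(parts)
    return reports

if __name__ == "__main__":
    for body in build_reports(SAMPLE_LOGS).values():
        print(body)
```

As in the report above, the time zone still has to be stated by hand, since these log timestamps carry neither a year nor a UTC offset.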