Re: A flurry of port scans
Available news archives: comp.lang.tcl - comp.lang.python - comp.security.firewalls - sci.crypt - comp.lang.php - comp.lang.javascript
Google
 
Web news.hping.org


comp.security.firewalls archive

Re: A flurry of port scans

From: Anne <anne_simpson1@hmail.com>
Date: Mon Jul 25 2005 - 15:19:20 CEST




"Duane Arnold" <Notme@notme.com> wrote in message 


news:Kg5Fe.178746$x96.53437@attbi_s72...


> Anne wrote:



>> For the past three days I've had a flurry of alerts from Zonealarm,


>> registering high rating activity - all blocked OK, but logged.


>


> How can you be having unsolicited port scans behind a NAT router from the


> Internet? You cannot be having it.


>


> Duane :)



Good, isn't it? :o)



Here's what showed up on the latest alert log...



      Alert property Alert property value


      Source IP Address 211.218.219.162


      Source Port 1023


      Destination IP 82.4.93.xxx


      Destination Port 111


      TCP Flags SYN


      Transport Layer Protocol TCP


      Network Layer Protocol IP


      Link Layer Protocol Ethernet


      Alert Date Jul-25-2005 04:47:46 AM PDT


      Alert Count 1



...and a Whois lookup which pointed to Korea.


Does that shed any light? 


Received on Thu Sep 29 19:59:26 2005