On Sat, May 26, 2001 at 02:39:46PM -0400, Paul Wright wrote: > Hi all, > > Someone's been port-scanning me, checking only some high ports. Here are > my relevant log entries: > > > May 26 13:39:30 j001 ippl: port 37397 connection attempt from 216.136.179.238 > May 26 13:43:03 j001 ippl: port 37404 connection attempt from 216.136.179.238 > May 26 13:43:06 j001 ippl: port 37404 connection attempt from 216.136.179.238 > May 26 13:45:55 j001 ippl: port 37406 connection attempt from 216.136.179.238 > May 26 13:45:58 j001 ippl: port 37406 connection attempt from 216.136.179.238 > May 26 13:47:10 j001 ippl: port 37408 connection attempt from 216.136.179.238 > May 26 13:49:30 j001 ippl: port 37412 connection attempt from 216.136.179.238 > > Does anyone know what they may be looking for in that range?
Looks to me like an FTP site you connected to, but the port numbers are a little high. > Does anyone know of a good reference for info (vulnerabilities sorted by > port, service, etc)? Add a deb-src line to unstable to your sources.list: 09:22 tty2 $ tail -2 /etc/apt/sources.list deb-src http://non-us.debian.org/debian-non-US unstable/non-US main contrib non-free and do apt-get -b source portsentry. Install the .deb it produces. You might also want logcheck. > Thanks in advance for any help / advice. Hope this helps. Good luck in your job search. Rob -- Be nice to people on the way up, because you'll meet them on your way down. -- Wilson Mizner