I know this seems like a given, but have you checked your bash_history (if it still exists), /var/log/messages, etc.? Do you use a kernel with modules enabled? Do you have a firewall between the server and the outside world that would yield any insight as to what that suspected box is doing?

On Fri, January 20, 2006 06:24, darren kirby wrote:
> quoth the Jean Blignaut:
>> Hi All
>
>> I was contacted an hour or so ago by someone claiming that they are
>> being port scanned by an ip used on one of our production gentoo
>> servers.
>
> This could possibly be someone using your machine as a zombie host for an
> idlescan:
> http://www.insecure.org/nmap/idlescan.html
>
>> Best Regards
>>
>> Jean Blignaut
>
> -d
> --
> darren kirby :: Part of the problem since 1976 :: http://badcomputer.org
> "...the number of UNIX installations has grown to 10, with more
> expected..."
> - Dennis Ritchie and Ken Thompson, June 1972
>

--
Steven McCoy
Site Development/Manager
IndigoRobot Services
http://www.indigorobot.com
