On Fri, Oct 21, 2011 at 11:12 AM, Danny Ching <[email protected]> wrote: > > On Fri, Oct 21, 2011 at 10:44 AM, Ian Dexter R. Marquez > <[email protected]> wrote: >> >> On Fri, Oct 21, 2011 at 09:41, Danny Ching <[email protected]> wrote: >> > someone is accessing my server on this port. why are the source ports >> > random? >> >> Client source ports are supposed to be random (ephemeral ports). >> Someone from 46.105.180.237 is trying to contact the web server at >> 10.0.0.3 every 10 minutes. Possible DDOS? > > DDOS is what went through my mind, but only from one address? Anyways will > continue to monitor this. Thanks.
it is not a *distributed* denial of service attack (DDOS) because of a single source IP :-> pattern shows it probing or scanning your web server every 10 seconds.. it is not likely a legitimate access because of 10 seconds interval.. you got a random source port because of ephemeral ports... client side connect and disconnect every 10 seconds.. that is why you see different source ports... it just normal if your server put online on the internet... what important most.. your web server is updated with the latest security patches... fooler. _________________________________________________ Philippine Linux Users' Group (PLUG) Mailing List http://lists.linux.org.ph/mailman/listinfo/plug Searchable Archives: http://archives.free.net.ph
