Hmm...  It seems odd that anyone would try to connect to port 9 - that's the
sink/null port...

I guess if you can actually connect it shows that a machine is there...

Then the person responsible tried to do something on port 27015...  Yes, I'd
call this _very_ suspicious...  I don't see that this is a port for any
standard exploit, tho...

> -----Original Message-----
> From: Frank Carreiro [SMTP:[EMAIL PROTECTED]]
> Sent: Tuesday, February 13, 2001 11:59 AM
> To:   redhat list
> Subject:      When is a port scan NOT a portscan?
> 
> I'm running portsentry on a test application server which is outside our 
> firewall (we had no choice.. our custom app needed this to work properly).
> 
> I have it set up to automatically add any system that portscans us into 
> our IPCHAINS deny policy.  I have done a whois and contacted the admin 
> who "claims" they never port scanned us (I don't believe him of 
> course).  This may have been stupid but as he is the network admin of 
> his company I gave him the IP address of the server which was 
> portscanned.  Attached is the part in our messages log I am concerned
> about.
> 
> Anyway...  I'm bringing the machine down today anyway.  We've completed 
> the work it was intended to do so it's a moot point.  Still for 
> educational purposes I was hoping someone could confirm.
> 
> Greatly Appreciated.
> 
> Frank. << File: messages.portscan >> 



_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list