I have been noticing a lot of these types of entries in my log and am trying to figure out what they are. Let me know what you think. Most of the time they have been looking like web scans with constant sync packets, but today it showed up passing sync and reply packets. And the distant end IP is not one that we would have normal comm. with, and the local host is not a web server... any ideas?

11/05/01 11:40:32.372203 Distant End ip.www > local host.1607: R 0:0(0) ack 30965647 win 8192 (DF)
11/05/01 11:40:32.881340 local host.1607 > Distant End ip.www: S 30965646:30965646(0) win 8192 (DF)
11/05/01 11:40:32.881568 Distant End ip.www > local host.1607: R 0:0(0) ack 30965647 win 8192 (DF)
11/05/01 11:40:33.166422 local host.1609 > Distant End ip.www: S 31447740:31447740(0) win 8192 (DF)
11/05/01 11:40:33.166620 Distant End ip.www > local host.1609: R 0:0(0) ack 31447741 win 8192 (DF) (DF)
11/05/01 12:11:51.079441 Distant End ip.www > local host.2340: R 0:0(0) ack 13169449 win 8192 (DF)
11/05/01 12:11:51.581219 local host.2340 > Distant End ip.www: S 13169448:13169448(0) win 8192 (DF)
11/05/01 12:11:51.581416 Distant End ip.www > local host.2340: R 0:0(0) ack 13169449 win 8192 (DF)
11/05/01 12:12:21.716253 local host.2361 > Distant End ip.www: S 13201000:13201000(0) win 8192 (DF)
11/05/01 12:12:21.716460 Distant End ip.www > local host.2361: R 0:0(0) ack 13201001 win 8192 (DF)
11/05/01 12:12:22.162885 local host.2361 > Distant End ip.www: S 13201000:13201000(0) win 8192 (DF)
11/05/01 12:12:22.163097 Distant End ip.www > local host.2361: R 0:0(0) ack 13201001 win 8192 (DF)

James Carder
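
One way to triage a log like the one in the post above is to pair each outbound SYN with the reset that answers it (a reset answering a SYN carries ack = SYN sequence + 1) and count resets for which no earlier SYN appears. This is an added example, not part of the original post; the function names are hypothetical, and the sample is the first five lines of the posted log with its placeholder host names.

```python
import re
from collections import defaultdict

# Matches the tcpdump-style lines in the post; host names may contain spaces.
LINE = re.compile(
    r"^(?P<ts>\S+ \S+) (?P<src>.+?)\.(?P<sport>\w+) > "
    r"(?P<dst>.+?)\.(?P<dport>\w+): (?P<flags>[SRFP.]+) "
    r"(?P<seq>\d+):\d+\(\d+\)(?: ack (?P<ack>\d+))?"
)

# First five entries from the posted log (host names are the post's placeholders).
SAMPLE = """\
11/05/01 11:40:32.372203 Distant End ip.www > local host.1607: R 0:0(0) ack 30965647 win 8192 (DF)
11/05/01 11:40:32.881340 local host.1607 > Distant End ip.www: S 30965646:30965646(0) win 8192 (DF)
11/05/01 11:40:32.881568 Distant End ip.www > local host.1607: R 0:0(0) ack 30965647 win 8192 (DF)
11/05/01 11:40:33.166422 local host.1609 > Distant End ip.www: S 31447740:31447740(0) win 8192 (DF)
11/05/01 11:40:33.166620 Distant End ip.www > local host.1609: R 0:0(0) ack 31447741 win 8192 (DF) (DF)
"""

def parse(text):
    """Yield one dict of fields per line that matches the log format."""
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            yield m.groupdict()

def pair_syn_rst(text):
    """Per local port: SYNs sent, RSTs answering a SYN seen earlier, other RSTs."""
    seen = defaultdict(set)  # (local, lport, remote, rport) -> SYN sequence numbers
    stats = defaultdict(lambda: {"syn": 0, "rst_matched": 0, "rst_unmatched": 0})
    for p in parse(text):
        if "S" in p["flags"]:
            seen[(p["src"], p["sport"], p["dst"], p["dport"])].add(int(p["seq"]))
            stats[p["sport"]]["syn"] += 1
        elif "R" in p["flags"] and p["ack"]:
            key = (p["dst"], p["dport"], p["src"], p["sport"])
            # Matched only if a SYN with sequence ack-1 appears earlier in the text.
            hit = int(p["ack"]) - 1 in seen[key]
            stats[p["dport"]]["rst_matched" if hit else "rst_unmatched"] += 1
    return dict(stats)

if __name__ == "__main__":
    for port, counts in pair_syn_rst(SAMPLE).items():
        print(port, counts)
```

A reset counted as unmatched only means the SYN it acknowledges is not in the text given to the function, for example because the capture or the excerpt started after it.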
