2009/4/4, Martin Schröder <[email protected]>: > <quote> > time src_ip dest_ip:dest_port > ------------------------------------------------------------------- > Fri Apr 3 16:09:51 2009: 78.46.108.116 => 95.65.129.154: 2054 > Fri Apr 3 16:10:55 2009: 78.46.108.116 => 95.65.129.251: 2054 > Fri Apr 3 16:10:14 2009: 78.46.108.116 => 95.65.131.121: 2054 > Fri Apr 3 16:10:36 2009: 78.46.108.116 => 95.65.131.168: 2054 > Fri Apr 3 16:10:04 2009: 78.46.108.116 => 95.65.132.225: 2054 > </quote>
Sorry, that was the unsorted log as delivered by them. I now have analyzed it further: - there are 868 requests to 775 targets in 105 seconds - notable are those who appear twice: Fri Apr 3 16:09:57 2009: 78.46.108.116 => 95.65.184.205:32771 Fri Apr 3 16:10:27 2009: 78.46.108.116 => 95.65.184.205:32771 Fri Apr 3 16:10:53 2009: 78.46.108.116 => 95.65.185.241: 2059 Fri Apr 3 16:11:23 2009: 78.46.108.116 => 95.65.185.241: 2059 Fri Apr 3 16:10:53 2009: 78.46.108.116 => 95.65.187.239:32771 Fri Apr 3 16:11:23 2009: 78.46.108.116 => 95.65.187.239:32771 Same port, 30 seconds apart. Clearly not a port scan. Best Martin _______________________________________________ timekeepers mailing list [email protected] https://fortytwo.ch/mailman/cgi-bin/listinfo/timekeepers
