port scanning
Marvin GodfatherofSoul Bellamy
mbellamy at kc.rr.com
Wed Oct 30 10:06:23 CST 2002
I noticed some peculiar logs produced by my packet filter. While there
are the typical blocked attempts to connect to my firewall on service
ports, I also see attempts to connect to my workstation using its
internal IP address. I know IPNAT disguises internal IPs, so some
application must be giving it away. I think I've seen Counter Strike
publicize my internal IP, but I'm not aware of other applications doing
this. What's scary is I've seen attempts to connect to my network
server. Unless Konqueror broadcasts internal IPs, no other application
on this machine should be hitting external addresses. All the attempts
on my network server were for the NFS ports, which is running on that
machine. This was over a 3 month period some time ago and the attempts
came from different addresses.
Example:
Jun 21 18:53:04 firewallhostname ipmon[17108]: 18:53:03.994605 2x ep0 @0:20 b
213.40.130.43,27015 -> my.ip.add.ress,2049 PR udp len 20 300 IN
Any ideas?
--
|/ ____ |/ | Marvin Keith Bellamy
@~/ Oo ~@ | AKA GodfatherofSoul
/_( __/ )_ | website: http://godfatherofsoul.tripod.com
__U_/ | E-mail: mbellamy at kc.rr.com
More information about the Kclug
mailing list