From: Donncha O Caoimh (donncha.ocaoimh at domain tradesignals.com)
Date: Wed 19 Jul 2000 - 11:20:48 IST
Do you trust your local users? Someone may have been playing with a
scanning tool, or tried to telnet to an unusual port by accident.
It is possible of course that an attacker spoofed their IP address, I
don't know how, others on the list do though!
Paul FW wrote:
> hello, a few days ago i was portscanned and portsentry
> loyally blocked it, but then after that i recieved
> scans from other systems on my lan to one portsetry
> machine, how did the person scanning make it look like
> they came from my machines ?, they were openbsd, nt
> and solaris incase that matters
This archive was generated by hypermail 2.1.6 : Thu 06 Feb 2003 - 13:06:54 GMT