Re: [ILUG] portsentry results

From: Donncha O Caoimh (donncha.ocaoimh at domain tradesignals.com)
Date: Wed 19 Jul 2000 - 11:20:48 IST

• Next message: John P. Looney (Kate): "Re: [ILUG] Jolt quickies"
• Previous message: Paul FW: "[ILUG] portsentry results"
• In reply to: Paul FW: "[ILUG] portsentry results"
• Next in thread: Donncha O Caoimh: "Re: [ILUG] portsentry results"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
• Mail actions: [ respond to this message ] [ mail a new topic ]

Do you trust your local users? Someone may have been playing with a
scanning tool, or tried to telnet to an unusual port by accident.

It is possible of course that an attacker spoofed their IP address, I
don't know how, others on the list do though!

Donncha.

Paul FW wrote:
>
> hello, a few days ago i was portscanned and portsentry
> loyally blocked it, but then after that i recieved
> scans from other systems on my lan to one portsetry
> machine, how did the person scanning make it look like
> they came from my machines ?, they were openbsd, nt
> and solaris incase that matters

• Next message: John P. Looney (Kate): "Re: [ILUG] Jolt quickies"
• Previous message: Paul FW: "[ILUG] portsentry results"
• In reply to: Paul FW: "[ILUG] portsentry results"
• Next in thread: Donncha O Caoimh: "Re: [ILUG] portsentry results"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
• Mail actions: [ respond to this message ] [ mail a new topic ]

This archive was generated by hypermail 2.1.6 : Thu 06 Feb 2003 - 13:06:54 GMT