Security Basics mailing list archives

Re: Unknown user agent in my logs...


From: "Clinton E. Troutman" <clint.troutman () sbcglobal net>
Date: Tue, 10 Apr 2007 11:30:32 -0500

On Monday 09 April 2007, lordl3ane () gmail com wrote:
Did you do any analysis of the host the packets are purporting to be
from?  Looking up the IP @ DNSStuff?  Trace Routing it?  Geolocating it?
Maybe even port-scanning it?

EB

I know the IP info (same DSL subnet as my own). For the same reason, I know 
the traceroute, I know the geolocation...

I intended to capture packets and possibly port scan but SBC coughed and 
caused my IP to change (for unknown reason, I don't think related to 
this...).

That scan has disappeared, for now.

Yesterday, a similar scan appeared but at a much decreased rate (about once 
per hour) and from a different IP (on same subnet). Wondering if it is the 
same machine... Since I was unable to capture packets on the original scan, 
nothing to compare.

Neither scan is constant; the machines appear to be disconnected (turned 
off) except for a few hours per day (mostly evenings). Swatch alerts me 
when the scans appear.

Planning to capture packets on the new scan... when it reappears. Will let 
you know what I find...

-- 
Clinton E. Troutman
Independent Computer Consultant for Home,
  Home Office, and Small Business in Fort Worth, Texas
