Security Incidents mailing list archives
correlation between porscans and local activity
From: tmolina () HOME COM (Thomas Molina)
Date: Sun, 2 Jan 2000 21:07:29 -0600
This weekend I've started noticing a possible loose correlation between portscans on my Linux boxes and local activity. It is connected to the internet through a cable modem. It also provides masqueraded internet connectivity for a couple of Win 98 boxes. The Windows boxes mainly are used by the family for web browsing, icq, and aol instant messaging. There now appears to be some coincidence between the times my family does web browsing and when I get scanned for port 1080. I also got some scans for port 31337 (back orifice?) following an icq session by my son. Is this just a wild guess on my part or am I just now noticing something blindingly obvious to everyone else? Time to learn more about NAT and iptables so I can confirm this wild theory.
Current thread:
- Re: Computer Forsenics-> www.fish.com/forensics, (continued)
- Re: Computer Forsenics-> www.fish.com/forensics mike (Jan 03)
- traceroute ICMP packets Laszlo Fabian (Jan 04)
- Re: traceroute ICMP packets M J (Jan 04)
- Re: traceroute ICMP packets Larry Canup (Jan 18)
- Re: ICMP time exceed in-transit packets Dave Dittrich (Jan 01)
- Re: ICMP time exceed in-transit packets Paul Cardon (Jan 02)
- Y2K bug in Shadow IDS Patrick Oonk (Jan 02)
- Port Scan on 371... M. Edward Wilborne III (Jan 02)
- Re: Port Scan on 371... Etaoin Shrdlu (Jan 02)
- Re: Port Scan on 371... Christopher Wilson (Jan 02)
- correlation between porscans and local activity Thomas Molina (Jan 02)
- Re: correlation between porscans and local activity Sean Sosik-Hamor (Jan 03)
- ADMROCKS McNab, Chris (Jan 03)
- R: correlation between porscans and local activity Raistlin (Jan 04)
- Re: R: correlation between porscans and local activity Michael Babcock (Jan 12)
- Re: correlation between porscans and local activity R a v e N (Jan 04)