RE: Anyone have any ideas?

[Paulo.Sedrez () weavers com br]

On 15-May-2001 Jim Starke wrote:
> While running ethereal tonight I saw someone scanning all of the ip
> addresses. I scrolled back and saw that my box was pinged twice and
> then approximately 7 minutes later, I saw an attempt to connect to
> port 1405 all by the same ip address.
>
>   No. Time                       Source               
> Destination           Protocol Info
> 18960 2001-05-14 22:25:08.2490   206.239.3.90         
> xx.xxx.xx.xx          ICMP     Echo (ping) request
> 18961 2001-05-14 22:25:09.2592   206.239.3.90         
> xx.xxx.xx.xx          ICMP     Echo (ping) request
> 19236 2001-05-14 22:32:44.2349   206.239.3.90         
> xx.xxx.xx.xx          TCP      79 > 1405 [RST, ACK] Seq=0
> Ack=3813890208
> Win=0 Len=0
[...snip...]
> I guess my questions are why they were attempting to connect to port
> 1405 (I don't have any services on that port) and why would they be
> using port 79 to make the connection?

Quite the opposite. You just received the RESPONSE to the attempting to
open a connection to port 79/tcp - finger - FROM your machine to
206.239.3.90, and the response was RST - no service on that port.

-----
Paulo F. Sedrez
Diretor de Tecnologia
Weavers Network Consulting      Tel/Fax: +55-21-239-3190
http://www.weavers.com.br       Paulo.Sedrez () weavers com br
--------------------------
Thought of the day:

"When the only tool you have is a hammer, you tend to treat everything
as if it were a nail."
-- Abraham Maslow