Security Incidents mailing list archives
Is this some type of scan
From: "Aaron Lewis" <aaron () webspundesigns com>
Date: Wed, 4 Aug 2004 10:45:39 -0400
I don't think this is right but I don't know what to make of it. One of my ACLs denies this 4 - 6 times a day an hour apart for 4 or so hours then it stops until the next day.

Aug 4 10:17:54 myhostname 3272392: Aug 4 10:17:53.949 EST: %SEC-6-IPACCESSLOGP: list inboundACLname denied tcp 127.0.0.1(80) (Ethernet0/1 000b.bf55.4c70) -> my.public.ip.x(1515), 1 packet
Aug 4 10:18:10 myhostname 3272394: Aug 4 10:18:10.621 EST: %SEC-6-IPACCESSLOGP: list inboundACLname denied tcp 127.0.0.1(80) (Ethernet0/1 000b.bf55.4c70) -> my.public.ip.x(1011), 1 packet

In other words I'll see 2 entries like these at 10:17 and then I'll see another pair around 11:17 and that will go on for 4 - 6 hours then quit until the next day. Any info on this?

Aaron D. Lewis
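Added example, not part of the original post: a small Python parser for %SEC-6-IPACCESSLOGP lines in the format quoted above that picks out denied packets with a 127.0.0.0/8 source arriving on a physical interface and reports how the bursts are spaced. The sample log is constructed, the redacted destination is replaced by the documentation address 192.0.2.10, and the 10-minute burst gap and all function names are assumptions.

```python
import re
from datetime import datetime, timedelta
from ipaddress import ip_address

# Constructed sample; 192.0.2.10 and 198.51.100.7 are documentation addresses (placeholders).
SAMPLE = """\
Aug 4 10:17:54 myhostname 3272392: Aug 4 10:17:53.949 EST: %SEC-6-IPACCESSLOGP: list inboundACLname denied tcp 127.0.0.1(80) (Ethernet0/1 000b.bf55.4c70) -> 192.0.2.10(1515), 1 packet
Aug 4 10:18:10 myhostname 3272394: Aug 4 10:18:10.621 EST: %SEC-6-IPACCESSLOGP: list inboundACLname denied tcp 127.0.0.1(80) (Ethernet0/1 000b.bf55.4c70) -> 192.0.2.10(1011), 1 packet
Aug 4 10:40:02 myhostname 3272401: Aug 4 10:40:01.102 EST: %SEC-6-IPACCESSLOGP: list inboundACLname denied tcp 198.51.100.7(4312) (Ethernet0/1 000b.bf55.4c70) -> 192.0.2.10(445), 1 packet
Aug 4 11:17:49 myhostname 3272455: Aug 4 11:17:48.870 EST: %SEC-6-IPACCESSLOGP: list inboundACLname denied tcp 127.0.0.1(80) (Ethernet0/1 000b.bf55.4c70) -> 192.0.2.10(1830), 1 packet
Aug 4 11:18:05 myhostname 3272457: Aug 4 11:18:05.310 EST: %SEC-6-IPACCESSLOGP: list inboundACLname denied tcp 127.0.0.1(80) (Ethernet0/1 000b.bf55.4c70) -> 192.0.2.10(1244), 1 packet
"""

LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+\d\d:\d\d:\d\d) .*%SEC-6-IPACCESSLOGP: list (?P<acl>\S+) "
    r"(?P<action>denied|permitted) (?P<proto>\S+) (?P<src>[\d.]+)\((?P<sport>\d+)\) "
    r"(?:\((?P<ifc>\S+) (?P<mac>[0-9a-f.]+)\) )?-> (?P<dst>[\d.]+)\((?P<dport>\d+)\)")

def parse(text):
    """One dict per IPACCESSLOGP line; syslog timestamps carry no year, so only deltas are used."""
    events = [m.groupdict() for m in map(LINE.match, text.splitlines()) if m]
    for ev in events:
        ev["ts"] = datetime.strptime(ev["ts"], "%b %d %H:%M:%S")
    return sorted(events, key=lambda ev: ev["ts"])

def loopback_on_wire(events):
    """Events with a 127.0.0.0/8 source seen on a non-loopback (or unlogged) interface."""
    return [ev for ev in events if ip_address(ev["src"]).is_loopback
            and not (ev["ifc"] or "").lower().startswith("loopback")]

def bursts(events, gap=timedelta(minutes=10)):
    """Split time-sorted events into bursts; silence longer than `gap` starts a new one."""
    groups = []
    for ev in events:
        if groups and ev["ts"] - groups[-1][-1]["ts"] <= gap:
            groups[-1].append(ev)
        else:
            groups.append([ev])
    return groups

def burst_report(text):
    """(start HH:MM, log lines, minutes since previous burst) per loopback-source burst."""
    starts = [(g[0]["ts"], len(g)) for g in bursts(loopback_on_wire(parse(text)))]
    return [(ts.strftime("%H:%M"), n,
             round((ts - starts[i - 1][0]).total_seconds() / 60) if i else None)
            for i, (ts, n) in enumerate(starts)]

if __name__ == "__main__":
    print(burst_report(SAMPLE))
```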