Nmap Announce mailing list archives
RE: **** frequent check output (fwd)
From: "Frank W. Keeney" <FKeeney () hsa com>
Date: Wed, 10 Feb 1999 12:30:54 -0800
I was also scanned. This is the output from my Cisco access-list: Date Time (PST) Source Port Port - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Feb 9 denied tcp 202.40.17.1(65535) -> 2.3(143), 1 packet Feb 9 denied tcp 202.40.17.1(65535) -> 2.53(143), 1 packet Feb 9 denied tcp 202.40.17.1(65535) -> 2.105(143), 1 packet Feb 9 denied tcp 202.40.17.1(65535) -> 2.155(143), 1 packet Feb 9 denied tcp 202.40.17.1(65535) -> 2.205(143), 1 packet +++++++++++++++++++++++++++++++++++++++++++++++++++++++ Frank Keeney, Network Services, Home Savings of America +1 626-814-5080 mailto:fkeeney () hsa com +++++++++++++++++++++++++++++++++++++++++++++++++++++++ ---------- From: ark () eltex ru [SMTP:ark () eltex ru] Sent: Wednesday, February 10, 1999 2:29 AM To: nmap-hackers () insecure org Cc: bugtraq () netspace org Subject: **** frequent check output (fwd) -----BEGIN PGP SIGNED MESSAGE----- nuqneH, Does anybody know what does it all mean? Looks like a new scan for me.. How is it expected to work? imap as destination, weird source port and flags.. No other "strange" packets arrived as OS type checkers do. - -- Begin forwarded message --- **** frequent check output for period since Feb 10 10:11 to Feb 10 11:10 Security Warnings summary =-=-=-=-=-=-=-=-=-=-=-=-= Feb 10 10:35:54 **** /kernel: securitywarning: orphan TCP packet on x.y.z.17:143 from 202.40.17.1:65535 flags 0x3<FIN,SYN> Feb 10 10:35:54 **** /kernel: securitywarning: orphan TCP packet on x.y.z.25:143 from 202.40.17.1:65535 flags 0x3<FIN,SYN> Feb 10 10:35:54 **** /kernel: securitywarning: orphan TCP packet on x.y.z.29:143 from 202.40.17.1:65535 flags 0x3<FIN,SYN> Feb 10 10:35:54 **** /kernel: securitywarning: orphan TCP packet on x.y.z.27:143 from 202.40.17.1:65535 flags 0x3<FIN,SYN>
Current thread:
- RE: **** frequent check output (fwd) Frank W. Keeney (Feb 10)