Larry Sword wrote:
> I found this in my message folder, any idea what this person is trying
> to do??
>
> Message file:
>
> Dec 14 07:59:41 sword portmap[2417]: connect from 24.26.85.46 to dump():
> request from unauthorized host
>
> There is nothing in my secure message file.
>
> doing a traceroute id's this ip:
>
> 242685hfc46.tampabay.rr.com (24.26.85.46) 230.129 ms 197.569 ms
>
> TIA
>
> Larry

Looks like it is running AIX 4.0 or Solaris 2.51 and has a huge number of
filtered ports. Some sort of server, possibly masquerading others onto the
internet. My guess is that you caught a fragment of a SYN scan which may
have been from a spoofed IP. Care has to be taken not to spoof IPs that
are down in such scanning, or the potential exists to flood the target.
I recently participated in a test of a Linux program that would alert and
log scans, and it was even catching the craftiest nmap stealth approach I
could make up, rotating the scan among a number of targets and using very
low frequency of touching the test target. If you like, I will dig up what
I can on the program though I believe it is now set up for Slackware.
Civileme
--
*****L I N U X*****
*Behold the new and friendly face of world domination*
*Time is on our side* ***LLaP***
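
Added example, not part of the original thread and not the scan-logging program mentioned in the reply: a short Python summarizer for the kind of portmap refusal Larry quoted, grouping refused requests by source address so repeated probes stand out. The line layout is assumed from the single log line in the post (joined onto one line); every sample line other than that one is constructed, and the function name is hypothetical.

```python
import re

# Layout assumed from the one line quoted in the post:
#   <date> <host> portmap[<pid>]: connect from <ip> to <proc>(<prog>): <reason>
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\sportmap\[\d+\]:\s"
    r"connect from (?P<src>\d{1,3}(?:\.\d{1,3}){3}) to "
    r"(?P<proc>\w+\([^)]*\)):\s(?P<reason>.+)$"
)

# First line is the one from the post; the rest are constructed for illustration.
SAMPLE_LOG = """\
Dec 14 07:59:41 sword portmap[2417]: connect from 24.26.85.46 to dump(): request from unauthorized host
Dec 14 08:03:10 sword portmap[2417]: connect from 192.0.2.77 to getport(nfs): request from unauthorized host
Dec 14 08:03:11 sword portmap[2417]: connect from 192.0.2.77 to dump(): request from unauthorized host
Dec 14 08:04:00 sword sshd[2500]: Accepted password for larry from 198.51.100.5 port 1022
"""


def summarize_refusals(log_text):
    """Map each source IP to its refused portmap requests.

    Returns {ip: {"count": n, "procs": [...], "first": ts, "last": ts}}.
    Lines from other daemons, or portmap lines with another reason, are skipped.
    """
    summary = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or "unauthorized host" not in m.group("reason"):
            continue
        entry = summary.setdefault(
            m.group("src"),
            {"count": 0, "procs": set(), "first": m.group("ts"), "last": None},
        )
        entry["count"] += 1
        entry["procs"].add(m.group("proc"))
        entry["last"] = m.group("ts")  # log is chronological, so last seen wins
    for entry in summary.values():
        entry["procs"] = sorted(entry["procs"])
    return summary


if __name__ == "__main__":
    for ip, info in summarize_refusals(SAMPLE_LOG).items():
        print(f"{ip}: {info['count']} refused, procs={info['procs']}, "
              f"{info['first']} .. {info['last']}")
```

A single refused dump() from one address, as in the post, shows up with a count of 1; an address that also asks getport() for specific services is the one worth a closer look.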