Civileme wrote:

> Larry Sword wrote:
>
> > I found this in my message folder, any idea what this person is trying
> > to do??
> >
> > Message file:
> >
> > Dec 14 07:59:41 sword portmap[2417]: connect from 24.26.85.46 to dump():
> > request from unauthorized host
> >
> > There is nothing in my secure message file.
> >
> > Doing a traceroute IDs this IP:
> >
> > 242685hfc46.tampabay.rr.com (24.26.85.46)  230.129 ms  197.569 ms
> >
> > TIA
> >
> > Larry
>
> Looks like it is running AIX 4.0 or Solaris 2.51 and has a huge number of
> filtered ports.  Some sort of server, possibly masquerading others onto the
> internet.  My guess is that you caught a fragment of a SYN scan which may
> have been from a spoofed IP.  Care has to be taken not to spoof IPs that
> are down in such scanning, or the potential exists to flood the target.
>
> I recently participated in a test of a Linux program that would alert and
> log scans, and it was even catching the craftiest nmap stealth approach I
> could make up, rotating the scan among a number of targets and using very
> low frequency of touching the test target.  If you like, I will dig up what
> I can on the program though I believe it is now set up for Slackware.
>
> Civileme
>

Thank you for the insight, Civileme. Yes, by all means, any further information
and help such as this program would be greatly appreciated.

Larry
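
An added example, not part of the original thread: a small Python filter that pulls refused portmap requests like the one quoted above out of a messages file and groups them by source address, so repeat visitors stand out. It rejoins entries that were wrapped or mail-quoted the way the line in this thread was; the `192.0.2.7` and `sshd` lines in the sample are constructed for illustration.

```python
import re
from collections import defaultdict

# Syslog prefix, e.g. "Dec 14 07:59:41 sword "
PREFIX = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d \S+ ")
# The refusal format seen in the thread's log line.
DENIED = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) (?P<host>\S+) "
    r"portmap\[\d+\]: connect from (?P<src>\S+) to (?P<proc>\w+)\([^)]*\): "
    r"request from unauthorized host$"
)

def unwrap(lines):
    """Strip mail quoting and rejoin entries wrapped onto a second line."""
    entries = []
    for line in lines:
        line = line.lstrip("> ").strip()
        if not line:
            continue
        if PREFIX.match(line) or not entries:
            entries.append(line)
        else:
            entries[-1] += " " + line  # continuation of the previous entry
    return entries

def portmap_denials(lines):
    """Map source address -> list of (timestamp, procedure) for refused calls."""
    by_src = defaultdict(list)
    for entry in unwrap(lines):
        m = DENIED.match(entry)
        if m:
            by_src[m["src"]].append((m["ts"], m["proc"]))
    return dict(by_src)

# First entry is the line from the thread (wrapped and quoted as posted);
# the remaining lines are constructed sample data.
SAMPLE = """\
> > Dec 14 07:59:41 sword portmap[2417]: connect from 24.26.85.46 to dump():
> > request from unauthorized host
Dec 14 08:03:12 sword portmap[2417]: connect from 192.0.2.7 to dump(): request from unauthorized host
Dec 14 08:03:15 sword sshd[911]: Connection closed by 192.0.2.7
Dec 14 09:10:02 sword portmap[2417]: connect from 192.0.2.7 to dump():
request from unauthorized host
""".splitlines()

if __name__ == "__main__":
    for src, hits in portmap_denials(SAMPLE).items():
        print(f"{src}: {len(hits)} refused, first {hits[0][0]}, last {hits[-1][0]}")
```
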
