On 15-May-2001 Jim Starke wrote:
> While running ethereal tonight I saw someone scanning all of the ip
> addresses. I scrolled back and saw that my box was pinged twice and
> then approximately 7 minutes later, I saw an attempt to connect to
> port 1405 all by the same ip address.
>
> No.   Time                     Source       Destination  Protocol Info
> 18960 2001-05-14 22:25:08.2490 206.239.3.90 xx.xxx.xx.xx ICMP     Echo (ping) request
> 18961 2001-05-14 22:25:09.2592 206.239.3.90 xx.xxx.xx.xx ICMP     Echo (ping) request
> 19236 2001-05-14 22:32:44.2349 206.239.3.90 xx.xxx.xx.xx TCP      79 > 1405 [RST, ACK] Seq=0 Ack=3813890208 Win=0 Len=0
>
> [...snip...]
>
> I guess my questions are why they were attempting to connect to port
> 1405 (I don't have any services on that port) and why would they be
> using port 79 to make the connection?

Quite the opposite. You just received the RESPONSE to an attempt to
open a connection to port 79/tcp - finger - FROM your machine to
206.239.3.90, and the response was RST - no service on that port.

-----
Paulo F. Sedrez
Director of Technology
Weavers Network Consulting
Tel/Fax: +55-21-239-3190
http://www.weavers.com.br
Paulo.Sedrezat_private
--------------------------
Thought of the day:
"When the only tool you have is a hammer, you tend to treat everything
as if it were a nail." -- Abraham Maslow
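The reading given in the reply can be checked mechanically. The following is an added example, not part of the original thread: it takes the Source, Destination and Info columns of a capture line and reports which side opened the connection, using the RFC 793 rule that a closed port answers a SYN with RST,ACK carrying Seq=0 and Ack = the SYN's sequence number + 1. The function name classify and the SYN line in the sample data are assumptions constructed for illustration.

```python
import re

# Info column of a TCP summary line, e.g. "TCP 79 > 1405 [RST, ACK] Seq=0 ..."
TCP_INFO = re.compile(r"TCP\s+(\d+)\s*>\s*(\d+)\s+\[([^\]]*)\]")

def _field(name, info):
    """Return the integer value of 'Name=123' in the Info text, or None."""
    m = re.search(rf"\b{name}=(\d+)", info)
    return int(m.group(1)) if m else None

def classify(src, dst, info):
    """Judge from one TCP segment which host opened the connection."""
    m = TCP_INFO.search(info)
    if not m:
        return None  # not a TCP summary line (e.g. ICMP)
    sport, dport = int(m.group(1)), int(m.group(2))
    flags = {f.strip() for f in m.group(3).split(",")}
    seq, ack = _field("Seq", info), _field("Ack", info)

    if flags == {"SYN"}:
        # A bare SYN is the opening move: src is connecting to dst:dport.
        return {"initiator": src, "service_port": dport, "verdict": "attempt"}
    if flags == {"SYN", "ACK"}:
        # The service on src:sport accepted a SYN that dst sent earlier.
        return {"initiator": dst, "service_port": sport, "verdict": "accepted"}
    if flags == {"RST", "ACK"} and seq == 0 and ack:
        # Closed port on src refusing a SYN that carried dst's address.
        # Ack - 1 is the sequence number of that SYN.
        return {"initiator": dst, "service_port": sport, "verdict": "refused",
                "syn_seq": (ack - 1) % 2**32}
    return {"initiator": None, "service_port": None, "verdict": "undetermined"}

# Sample input: the first line is the one from the capture in this thread;
# the second is constructed (the outbound SYN that would have preceded it).
SAMPLE = [
    ("206.239.3.90", "xx.xxx.xx.xx",
     "TCP 79 > 1405 [RST, ACK] Seq=0 Ack=3813890208 Win=0 Len=0"),
    ("xx.xxx.xx.xx", "206.239.3.90",
     "TCP 1405 > 79 [SYN] Seq=3813890207 Ack=0 Win=32120 Len=0"),
]

if __name__ == "__main__":
    for src, dst, info in SAMPLE:
        print(src, "->", dst, classify(src, dst, info))
```

For the line in the capture this reports the xx.xxx.xx.xx host as the initiator and 79 as the service port, so the next step is to find which local process opened a finger connection from port 1405 at that time.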
This archive was generated by hypermail 2b30 : Fri May 18 2001 - 12:03:27 PDT