From: Rakotomandimby Mihamina <rktmb@wanadoo.fr>
To: netfilter@lists.netfilter.org
Subject: port scan identification
Date: Tue, 08 Jun 2004 23:55:44 +0200
Message-ID: <40C635E0.2010208@wanadoo.fr>

Hello

I am trying to set up my firewall correctly and would need your help on
one thing:

I have this rule:
[...]
iptables -A INPUT -p tcp --tcp-flags SYN,ACK,FIN,RST RST \
-j LOG --log-level debug --log-prefix 'p_scan_: '
[...]

and I see this when I tail the output file:

[...]
Jun  8 22:52:32 milina kernel: p_scan_: IN=ppp0 OUT= MAC= 
SRC=81.220.171.201 DST=81.248.95.56 LEN=40 TOS=0x00 PREC=0x00 TTL=54 
ID=45424 PROTO=TCP SPT=4391 DPT=80 WINDOW=0 RES=0x00 RST URGP=0
[...]

Well. According to me, a port scan is the action of scanning _all_ the
ports... why is the port scan identified as only scanning the 80th port?
I mean, a port scan should not be on one port only... should it?

-- 
Rakotomandimby Mihamina Andrianifaharana
Tel : +33 2 38 76 43 65
http://stko.dyndns.info/site_principal/Members/mihamina
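
An added example, not part of the original message: a parser for kernel LOG lines carrying the `p_scan_: ` prefix that groups entries by source address and counts distinct destination ports, so that one RST to port 80 can be told apart from a source that touched many ports. The `MIN_PORTS` threshold, the function names and every sample line except the first are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

PREFIX = "p_scan_: "   # --log-prefix set by the rule in the message
MIN_PORTS = 5          # assumption: distinct ports from one source that count as a scan
FIELD = re.compile(r"(\w+)=(\S*)")
TCP_FLAGS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG"}

def parse_line(line):
    """Parse one LOG line; return its KEY=value fields plus a FLAGS set, or None."""
    _, found, rest = line.partition(PREFIX)
    if not found:
        return None  # not written by this rule
    rec = dict(FIELD.findall(rest))
    rec["FLAGS"] = {tok for tok in rest.split() if tok in TCP_FLAGS}
    return rec

def ports_by_source(lines):
    """Map each source address to the set of destination ports it was logged on."""
    seen = defaultdict(set)
    for line in lines:
        rec = parse_line(line)
        if rec and rec.get("PROTO") == "TCP" and rec.get("DPT", "").isdigit():
            seen[rec["SRC"]].add(int(rec["DPT"]))
    return dict(seen)

def classify(lines, min_ports=MIN_PORTS):
    """Label a source as a scan only when it touched at least min_ports ports."""
    return {src: "multi-port scan" if len(ports) >= min_ports else "isolated packet(s)"
            for src, ports in ports_by_source(lines).items()}

# First entry: the log line quoted in the message, unwrapped onto one line.
FROM_MESSAGE = ("Jun  8 22:52:32 milina kernel: p_scan_: IN=ppp0 OUT= MAC= "
                "SRC=81.220.171.201 DST=81.248.95.56 LEN=40 TOS=0x00 PREC=0x00 TTL=54 "
                "ID=45424 PROTO=TCP SPT=4391 DPT=80 WINDOW=0 RES=0x00 RST URGP=0")
# Constructed entries (documentation addresses): one source, six different ports.
CONSTRUCTED = [
    "Jun  8 22:53:01 milina kernel: p_scan_: IN=ppp0 OUT= MAC= SRC=192.0.2.10 "
    "DST=198.51.100.7 LEN=40 TOS=0x00 PREC=0x00 TTL=54 ID=%d PROTO=TCP SPT=40000 "
    "DPT=%d WINDOW=0 RES=0x00 RST URGP=0" % (1000 + port, port)
    for port in (21, 22, 23, 25, 80, 110)
]
SAMPLE = [FROM_MESSAGE, "Jun  8 22:53:02 milina pppd[411]: unrelated line"] + CONSTRUCTED

if __name__ == "__main__":
    for src, verdict in classify(SAMPLE).items():
        print(src, sorted(ports_by_source(SAMPLE)[src]), verdict)
```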

