Date: Thu, 12 Feb 2004 18:16:54 +0100
From: Peder Blom
To: Dragoncrest
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: Problem with someone port scanning me

On Thu, 12 Feb 2004 11:12:53 -0500 Dragoncrest wrote:

> For the past couple of days I've had someone on our lan port scanning my
> box. Not sure what's up with that, but I'm curious if there's a way
> to log what IP address this is coming from. I don't have IPFW enabled
> yet as I haven't had the time to configure it at this point as it's
> currently behind the company firewall on our T3. Is there a way to
> log where it's coming from? Or is that already being logged
> somewhere?
>

man tcpdump
ports/net/ethereal
netcat? (ports/net/nc).

If connections are to a specific port and the protocol is tcp, you can set up nc to listen for connections on this port. Once a connection is established you might get some info, e.g. see what requests are made. A while ago I started getting an absurd number of requests (+30k in an afternoon on my standalone home computer); using netcat I found out that they were requests from kazaa clients... (and no, I don't run kazaa but I'm on dhcp so I obviously got a "bad" ip).
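
Added example, not part of the original message: tcpdump, suggested above, already shows the source of every probe, and the script below condenses its `-nn` text output into one line per source address with the number of distinct destination ports that source tried. The interface name em0, the addresses and the sample capture lines are assumptions constructed for illustration.

```sh
#!/bin/sh
# Live capture (interface em0 and the address are assumptions), SYN-only:
#   tcpdump -nn -c 1000 -i em0 \
#     'tcp[tcpflags] & (tcp-syn|tcp-ack) == tcp-syn and dst host 192.0.2.10' \
#     | summarize_scanners

# Read `tcpdump -nn` text lines on stdin; print "source distinct-ports",
# with the source that touched the most destination ports first.
summarize_scanners() {
    awk '
    {
        # Find the ">" between "src.port" and "dst.port:". Searching for it
        # handles output with and without the leading "IP" token.
        for (i = 2; i < NF; i++) if ($i == ">") break
        if (i >= NF) next
        src = $(i - 1); dst = $(i + 1)
        sub(/:$/, "", dst)
        # With -nn the port is the last dot-separated numeric component.
        sub(/\.[0-9]+$/, "", src)
        n = split(dst, parts, ".")
        port = parts[n]
        if (port !~ /^[0-9]+$/) next
        if (!((src, port) in seen)) { seen[src, port] = 1; ports[src]++ }
    }
    END { for (s in ports) print s, ports[s] }
    ' | sort -k2,2nr -k1,1
}

# Constructed sample of `tcpdump -nn` output (documentation addresses).
sample_capture() {
    cat <<'EOF'
18:17:01.000101 IP 192.0.2.44.40001 > 192.0.2.10.21: Flags [S], seq 1, win 1024, length 0
18:17:01.000202 IP 192.0.2.44.40002 > 192.0.2.10.22: Flags [S], seq 2, win 1024, length 0
18:17:01.000303 IP 192.0.2.44.40003 > 192.0.2.10.23: Flags [S], seq 3, win 1024, length 0
18:17:01.000404 IP 192.0.2.44.40004 > 192.0.2.10.25: Flags [S], seq 4, win 1024, length 0
18:17:02.000505 IP 192.0.2.7.51515 > 192.0.2.10.22: Flags [S], seq 5, win 65535, length 0
18:17:03.000606 IP 192.0.2.7.51516 > 192.0.2.10.22: Flags [S], seq 6, win 65535, length 0
EOF
}

sample_capture | summarize_scanners
```

A source that touches many different ports in a short window is the scanner; a source that keeps returning to one port is more likely an ordinary client, as in the kazaa case described above.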