Date: Thu, 12 Feb 2004 18:16:54 +0100 From: Peder Blom <dion@bredband.net> To: Dragoncrest <dragoncrest@voyager.net> Cc: freebsd-questions@FreeBSD.ORG Subject: Re: Problem with someone port scanning me Message-ID: <20040212181654.515d42d3.dion@bredband.net> In-Reply-To: <5.2.0.9.2.20040212110826.00a9b620@pop.voyager.net> References: <5.2.0.9.2.20040212110826.00a9b620@pop.voyager.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, 12 Feb 2004 11:12:53 -0500 Dragoncrest <dragoncrest@voyager.net> wrote: > For the past couple of days I've had someone on our lan port > scanning my > box. Not sure what's up with that, but I'm curious if there's a way > to log what IP address this is coming from. I don't have IPFW enabled > yet as I haven't had the time to configure it at this point as it's > currently behind the company firewall on our T3. Is there a way to > log where it's coming from? Or is that already being logged > somewhere? > man tcpdump ports/net/ethereal netcat? (ports/net/nc). If connections are to a specific port and protocol are tcp you can set up nc to listen for connections on this port. Once a connection is established you might get some info, e.g. see what requests are made. A while ago I started getting an absurd number of requests (+30k in an afternoon on my standalone home computer), using netcat I found out that it was requests from kazaa clients... (and no, I don't run kazaa but I'm on dhcp so I obviously got a "bad" ip).
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040212181654.515d42d3.dion>