Date: Tue, 28 Mar 2000 23:16:57 +0100 From: David Malone <dwmalone@maths.tcd.ie> To: Jeff Hamilton <hjeffrey@hotmail.com> Cc: freebsd-questions@freebsd.org, freebsd-stable@freebsd.org Subject: Re: /etc/hosts.allow Message-ID: <20000328231657.A9744@walton.maths.tcd.ie> In-Reply-To: <20000328212418.44269.qmail@hotmail.com>; from hjeffrey@hotmail.com on Tue, Mar 28, 2000 at 01:24:18PM -0800 References: <20000328212418.44269.qmail@hotmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, Mar 28, 2000 at 01:24:18PM -0800, Jeff Hamilton wrote: > >My guess is that the portmapper is getting a tcp connection, which the > >remote end closes almost immediately. Then when the wrapping code goes > >to to dup the discriptor which is supposed to be connected it finds it > >is unconnected. > > Could this possibly be an indicator of a port scan or other exploit attempt? > Is there anyway to trace the IP address that originated the connection? If my guess was right, there is a good chance it could be a portscan. Tracing the IP address is probably a bit harder. I'll experiment at home and see if I can reproduce this. David. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20000328231657.A9744>