LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Security (https://www.linuxquestions.org/questions/linux-security-4/)
-   -   Is my box port scanning? (https://www.linuxquestions.org/questions/linux-security-4/is-my-box-port-scanning-274717/)

ryedunn 01-06-2005 04:01 PM
Is my box port scanning?
 
I finally got acid working correctly and I see all these fun attacks coming in but there is one thing that I dont quite understand.

Under my Destination IP address I saw 2 IPs.. hmm I only have one IP so I went in to look at it and sure enough there was another IP address in there. I clicked on the number of attacks and it looks like Im sending out attacks to him....
Quote:
ID #1-(1-4)
< Signature > [snort] ATTACK-RESPONSES 403 Forbidden
< Timestamp > 2005-01-06 14:39:02
< Source Address > My IP:80
< Dest. Address > His IP:1591
< Layer 4 Proto > TCP
As you can see the source address is me sending out....My worst fear is that my box has already been comprimised and Im scanning other addresses.

Thank you
Ryan

ryedunn 01-06-2005 05:05 PM
I think its just my reply to some attacks.... ie ATTACK-RESPONSES 403 Forbidden ..


I hope...

iceman47 01-07-2005 04:45 AM
I'm just guessing here, but are you running a webserver?
src ip is you, src port is 80, dst ip is him and sig is a 403, seems like he's trying to get a page
from you but as it's not there you're sending a 403 back.
Correct me if I'm wrong here.


All times are GMT -5. The time now is 01:06 PM.