LinuxQuestions.org
Old 04-04-2006, 10:58 PM   #1
atlaika
Member
 
Registered: Oct 2005
Posts: 45

Rep: Reputation: 15
Port Scan


Ubuntu 5.10
Firestarter log

I am guessing this is a portscan...
Code:
Time:Apr  5 04:28:35 Direction: Unknown In:eth0 Out: Port:44470 Source:213.206.131.45 Destination:82.211.234.11 Length:56 TOS:0x00 Protocol:ICMP Service:Unknown
Time:Apr  5 04:28:36 Direction: Unknown In:eth0 Out: Port:44471 Source:217.149.32.34 Destination:82.211.234.11 Length:56 TOS:0x00 Protocol:ICMP Service:Unknown
Time:Apr  5 04:28:37 Direction: Unknown In:eth0 Out: Port:44472 Source:217.149.32.34 Destination:82.211.234.11 Length:56 TOS:0x00 Protocol:ICMP Service:Unknown
Time:Apr  5 04:28:38 Direction: Unknown In:eth0 Out: Port:44473 Source:217.149.32.34 Destination:82.211.234.11 Length:56 TOS:0x00 Protocol:ICMP Service:Unknown
Time:Apr  5 04:28:39 Direction: Unknown In:eth0 Out: Port:44474 Source:213.206.129.143 Destination:82.211.234.11 Length:56 TOS:0x00 Protocol:ICMP Service:Unknown
Time:Apr  5 04:28:40 Direction: Unknown In:eth0 Out: Port:44475 Source:213.206.129.143 Destination:82.211.234.11 Length:56 TOS:0x00 Protocol:ICMP Service:Unknown
Time:Apr  5 04:28:41 Direction: Unknown In:eth0 Out: Port:44476 Source:213.206.129.143 Destination:82.211.234.11 Length:56 TOS:0x00 Protocol:ICMP Service:Unknown
Time:Apr  5 04:28:42 Direction: Unknown In:eth0 Out: Port:44477 Source:213.206.128.55 Destination:82.211.234.11 Length:56 TOS:0x00 Protocol:ICMP Service:Unknown
Time:Apr  5 04:28:43 Direction: Unknown In:eth0 Out: Port:44478 Source:213.206.128.55 Destination:82.211.234.11 Length:56 TOS:0x00 Protocol:ICMP Service:Unknown
Time:Apr  5 04:28:44 Direction: Unknown In:eth0 Out: Port:44479 Source:213.206.128.55 Destination:82.211.234.11 Length:56 TOS:0x00 Protocol:ICMP Service:Unknown
Time:Apr  5 04:28:45 Direction: Unknown In:eth0 Out: Port:44480 Source:144.232.19.69 Destination:82.211.234.11 Length:56 TOS:0x00 Protocol:ICMP Service:Unknown
Time:Apr  5 04:28:46 Direction: Unknown In:eth0 Out: Port:44481 Source:144.232.19.69 Destination:82.211.234.11 Length:56 TOS:0x00 Protocol:ICMP Service:Unknown
Time:Apr  5 04:28:47 Direction: Unknown In:eth0 Out: Port:44482 Source:144.232.19.69 Destination:82.211.234.11 Length:56 TOS:0x00 Protocol:ICMP Service:Unknown
Time:Apr  5 04:28:48 Direction: Unknown In:eth0 Out: Port:44483 Source:144.232.20.132 Destination:82.211.234.11 Length:56 TOS:0x00 Protocol:ICMP Service:Unknown
Time:Apr  5 04:28:49 Direction: Unknown In:eth0 Out: Port:44484 Source:144.232.20.132 Destination:82.211.234.11 Length:56 TOS:0x00 Protocol:ICMP Service:Unknown
Time:Apr  5 04:28:50 Direction: Unknown In:eth0 Out: Port:44485 Source:144.232.20.132 Destination:82.211.234.11 Length:56 TOS:0x00 Protocol:ICMP Service:Unknown
Time:Apr  5 04:28:51 Direction: Unknown In:eth0 Out: Port:44486 Source:144.232.20.136 Destination:82.211.234.11 Length:56 TOS:0x00 Protocol:ICMP Service:Unknown
Time:Apr  5 04:28:52 Direction: Unknown In:eth0 Out: Port:44487 Source:144.232.20.136 Destination:82.211.234.11 Length:56 TOS:0x00 Protocol:ICMP Service:Unknown
Time:Apr  5 04:30:43 Direction: Unknown In:eth0 Out: Port:68 Source:82.211.234.2 Destination:82.211.234.11 Length:328 TOS:0x00 Protocol:UDP Service:DHCP
Time:Apr  5 04:30:44 Direction: Unknown In:eth0 Out: Port:1434 Source:60.190.0.173 Destination:82.211.234.11 Length:404 TOS:0x00 Protocol:UDP Service:Ms-sql-m
Time:Apr  5 04:31:12 Direction: Unknown In:eth0 Out: Port:44444 Source:82.211.234.2 Destination:82.211.234.11 Length:576 TOS:0x00 Protocol:ICMP Service:Unknown
Time:Apr  5 04:31:13 Direction: Unknown In:eth0 Out: Port:44445 Source:82.211.234.2 Destination:82.211.234.11 Length:576 TOS:0x00 Protocol:ICMP Service:Unknown
Time:Apr  5 04:31:14 Direction: Unknown In:eth0 Out: Port:44446 Source:82.211.234.2 Destination:82.211.234.11 Length:576 TOS:0x00 Protocol:ICMP Service:Unknown
Time:Apr  5 04:31:15 Direction: Unknown In:eth0 Out: Port:44447 Source:82.211.224.161 Destination:82.211.234.11 Length:56 TOS:0x00 Protocol:ICMP Service:Unknown
Time:Apr  5 04:31:16 Direction: Unknown In:eth0 Out: Port:44448 Source:82.211.224.161 Destination:82.211.234.11 Length:56 TOS:0x00 Protocol:ICMP Service:Unknown
Time:Apr  5 04:31:17 Direction: Unknown In:eth0 Out: Port:44449 Source:82.211.224.161 Destination:82.211.234.11 Length:56 TOS:0x00 Protocol:ICMP Service:Unknown
Time:Apr  5 04:31:18 Direction: Unknown In:eth0 Out: Port:44450 Source:87.72.98.82 Destination:82.211.234.11 Length:56 TOS:0x00 Protocol:ICMP Service:Unknown
Time:Apr  5 04:31:19 Direction: Unknown In:eth0 Out: Port:44451 Source:87.72.98.82 Destination:82.211.234.11 Length:56 TOS:0x00 Protocol:ICMP Service:Unknown
Time:Apr  5 04:31:20 Direction: Unknown In:eth0 Out: Port:44452 Source:87.72.98.82 Destination:82.211.234.11 Length:56 TOS:0x00 Protocol:ICMP Service:Unknown
Time:Apr  5 04:31:21 Direction: Unknown In:eth0 Out: Port:44453 Source:87.72.98.97 Destination:82.211.234.11 Length:56 TOS:0x00 Protocol:ICMP Service:Unknown
Time:Apr  5 04:31:22 Direction: Unknown In:eth0 Out: Port:44454 Source:87.72.98.97 Destination:82.211.234.11 Length:56 TOS:0x00 Protocol:ICMP Service:Unknown
Time:Apr  5 04:31:23 Direction: Unknown In:eth0 Out: Port:44455 Source:87.72.98.97 Destination:82.211.234.11 Length:56 TOS:0x00 Protocol:ICMP Service:Unknown
Time:Apr  5 04:31:24 Direction: Unknown In:eth0 Out: Port:44456 Source:213.242.108.149 Destination:82.211.234.11 Length:56 TOS:0x00 Protocol:ICMP Service:Unknown
Time:Apr  5 04:31:25 Direction: Unknown In:eth0 Out: Port:44457 Source:213.242.108.149 Destination:82.211.234.11 Length:56 TOS:0x00 Protocol:ICMP Service:Unknown
Time:Apr  5 04:31:26 Direction: Unknown In:eth0 Out: Port:44458 Source:213.242.108.149 Destination:82.211.234.11 Length:56 TOS:0x00 Protocol:ICMP Service:Unknown
Time:Apr  5 04:31:27 Direction: Unknown In:eth0 Out: Port:44459 Source:213.242.107.18 Destination:82.211.234.11 Length:56 TOS:0x00 Protocol:ICMP Service:Unknown
Time:Apr  5 04:31:28 Direction: Unknown In:eth0 Out: Port:44460 Source:213.242.107.18 Destination:82.211.234.11 Length:56 TOS:0x00 Protocol:ICMP Service:Unknown
Time:Apr  5 04:31:29 Direction: Unknown In:eth0 Out: Port:44461 Source:213.242.107.18 Destination:82.211.234.11 Length:56 TOS:0x00 Protocol:ICMP Service:Unknown
Time:Apr  5 04:31:30 Direction: Unknown In:eth0 Out: Port:44462 Source:4.68.128.213 Destination:82.211.234.11 Length:56 TOS:0x00 Protocol:ICMP Service:Unknown
Time:Apr  5 04:31:31 Direction: Unknown In:eth0 Out: Port:44463 Source:4.68.128.213 Destination:82.211.234.11 Length:56 TOS:0x00 Protocol:ICMP Service:Unknown
Time:Apr  5 04:31:32 Direction: Unknown In:eth0 Out: Port:44464 Source:4.68.128.213 Destination:82.211.234.11 Length:56 TOS:0x00 Protocol:ICMP Service:Unknown
Time:Apr  5 04:31:33 Direction: Unknown In:eth0 Out: Port:44465 Source:4.68.116.172 Destination:82.211.234.11 Length:56 TOS:0x00 Protocol:ICMP Service:Unknown
Time:Apr  5 04:31:34 Direction: Unknown In:eth0 Out: Port:44466 Source:4.68.116.108 Destination:82.211.234.11 Length:56 TOS:0x00 Protocol:ICMP Service:Unknown
Time:Apr  5 04:31:35 Direction: Unknown In:eth0 Out: Port:44467 Source:4.68.116.44 Destination:82.211.234.11 Length:56 TOS:0x00 Protocol:ICMP Service:Unknown
Time:Apr  5 04:31:36 Direction: Unknown In:eth0 Out: Port:44468 Source:213.206.131.21 Destination:82.211.234.11 Length:56 TOS:0x00 Protocol:ICMP Service:Unknown
Time:Apr  5 04:31:37 Direction: Unknown In:eth0 Out: Port:44469 Source:213.206.131.21 Destination:82.211.234.11 Length:56 TOS:0x00 Protocol:ICMP Service:Unknown
Time:Apr  5 04:31:38 Direction: Unknown In:eth0 Out: Port:44470 Source:213.206.131.21 Destination:82.211.234.11 Length:56 TOS:0x00 Protocol:ICMP Service:Unknown
Time:Apr  5 04:31:39 Direction: Unknown In:eth0 Out: Port:44471 Source:144.232.19.69 Destination:82.211.234.11 Length:56 TOS:0x00 Protocol:ICMP Service:Unknown
Time:Apr  5 04:31:40 Direction: Unknown In:eth0 Out: Port:44472 Source:144.232.19.69 Destination:82.211.234.11 Length:56 TOS:0x00 Protocol:ICMP Service:Unknown
Time:Apr  5 04:31:41 Direction: Unknown In:eth0 Out: Port:44473 Source:144.232.19.69 Destination:82.211.234.11 Length:56 TOS:0x00 Protocol:ICMP Service:Unknown
Time:Apr  5 04:31:42 Direction: Unknown In:eth0 Out: Port:44474 Source:144.232.20.132 Destination:82.211.234.11 Length:56 TOS:0x00 Protocol:ICMP Service:Unknown
Time:Apr  5 04:31:43 Direction: Unknown In:eth0 Out: Port:44475 Source:144.232.20.132 Destination:82.211.234.11 Length:56 TOS:0x00 Protocol:ICMP Service:Unknown
Time:Apr  5 04:31:44 Direction: Unknown In:eth0 Out: Port:44476 Source:144.232.20.132 Destination:82.211.234.11 Length:56 TOS:0x00 Protocol:ICMP Service:Unknown
Time:Apr  5 04:31:45 Direction: Unknown In:eth0 Out: Port:44477 Source:144.232.20.136 Destination:82.211.234.11 Length:56 TOS:0x00 Protocol:ICMP Service:Unknown
Time:Apr  5 04:31:46 Direction: Unknown In:eth0 Out: Port:44478 Source:144.232.20.136 Destination:82.211.234.11 Length:56 TOS:0x00 Protocol:ICMP Service:Unknown
Time:Apr  5 04:31:47 Direction: Unknown In:eth0 Out: Port:44479 Source:144.232.20.136 Destination:82.211.234.11 Length:56 TOS:0x00 Protocol:ICMP Service:Unknown
Time:Apr  5 04:31:48 Direction: Unknown In:eth0 Out: Port:44480 Source:144.232.20.136 Destination:82.211.234.11 Length:56 TOS:0x00 Protocol:ICMP Service:Unknown
Time:Apr  5 04:31:49 Direction: Unknown In:eth0 Out: Port:44481 Source:144.232.20.136 Destination:82.211.234.11 Length:56 TOS:0x00 Protocol:ICMP Service:Unknown
Time:Apr  5 04:31:50 Direction: Unknown In:eth0 Out: Port:44482 Source:144.232.20.136 Destination:82.211.234.11 Length:56 TOS:0x00 Protocol:ICMP Service:Unknown
Time:Apr  5 04:31:51 Direction: Unknown In:eth0 Out: Port:44483 Source:144.232.20.136 Destination:82.211.234.11 Length:56 TOS:0x00 Protocol:ICMP Service:Unknown
Time:Apr  5 04:31:52 Direction: Unknown In:eth0 Out: Port:44484 Source:144.232.20.136 Destination:82.211.234.11 Length:56 TOS:0x00 Protocol:ICMP Service:Unknown
Time:Apr  5 04:31:53 Direction: Unknown In:eth0 Out: Port:44485 Source:144.232.20.136 Destination:82.211.234.11 Length:56 TOS:0x00 Protocol:ICMP Service:Unknown
Time:Apr  5 04:31:54 Direction: Unknown In:eth0 Out: Port:44486 Source:144.232.20.136 Destination:82.211.234.11 Length:56 TOS:0x00 Protocol:ICMP Service:Unknown
Time:Apr  5 04:31:55 Direction: Unknown In:eth0 Out: Port:44487 Source:144.232.20.136 Destination:82.211.234.11 Length:56 TOS:0x00 Protocol:ICMP Service:Unknown
Time:Apr  5 04:31:56 Direction: Unknown In:eth0 Out: Port:44488 Source:144.232.20.136 Destination:82.211.234.11 Length:56 TOS:0x00 Protocol:ICMP Service:Unknown
Time:Apr  5 04:31:57 Direction: Unknown In:eth0 Out: Port:44489 Source:144.232.20.136 Destination:82.211.234.11 Length:56 TOS:0x00 Protocol:ICMP Service:Unknown
Time:Apr  5 04:31:58 Direction: Unknown In:eth0 Out: Port:44490 Source:144.232.20.136 Destination:82.211.234.11 Length:56 TOS:0x00 Protocol:ICMP Service:Unknown
Time:Apr  5 04:31:59 Direction: Unknown In:eth0 Out: Port:44491 Source:144.232.20.136 Destination:82.211.234.11 Length:56 TOS:0x00 Protocol:ICMP Service:Unknown
Time:Apr  5 04:32:00 Direction: Unknown In:eth0 Out: Port:44492 Source:144.232.20.136 Destination:82.211.234.11 Length:56 TOS:0x00 Protocol:ICMP Service:Unknown
Time:Apr  5 04:32:01 Direction: Unknown In:eth0 Out: Port:44493 Source:144.232.20.136 Destination:82.211.234.11 Length:56 TOS:0x00 Protocol:ICMP Service:Unknown
Time:Apr  5 04:32:02 Direction: Unknown In:eth0 Out: Port:44494 Source:144.232.20.136 Destination:82.211.234.11 Length:56 TOS:0x00 Protocol:ICMP Service:Unknown
Time:Apr  5 04:32:03 Direction: Unknown In:eth0 Out: Port:44495 Source:144.232.20.136
and it just keeps going.
Should the firewall even allow a response? And is there any way to find the source?
 
Old 04-04-2006, 11:47 PM   #2
b0nd
Senior Member
 
Registered: Jan 2005
Distribution: Slackware, BackTrack, Windows XP
Posts: 1,020

Rep: Reputation: 45
Hi,
Ya, it seems like port scanning. But the log is showing only the ICMP... means the attacker machine was pinging the target machine to know whether it's up or not.

The firewall may or may not stop this. It depends on its settings, whether ping (ICMP) is blocked or not.

regards
 
Old 04-05-2006, 01:47 AM   #3
Capt_Caveman
Senior Member
 
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Rep: Reputation: 69
I'm not convinced that it's a simple port or ping scan. Granted, I'm not that familiar with Firestarter's log format, but it's listing port numbers while showing the protocol as ICMP, which I believe means they are incoming ICMP port-unreachable packets. The other odd thing is that the source IP changes even though the port number still appears to be steadily incrementing (IPs actually belong to completely different ISPs too).

If I had to guess I'd say it's either some form of spoofed scan (remote attacker scans remote target but forges your source IP) or possibly a distributed scan. Both of those possibilities would be pretty strange. If you run tcpdump on your system (or ideally on another system on your network) do you see any outgoing traffic that looks like a scan?
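The pattern described in post #3 (the logged port rising by one per entry while the ICMP source address changes) can be checked mechanically. This is an added example, not part of the original thread: the regular expression is an assumption derived from the Firestarter lines posted here, and the sample is copied from the log in post #1, including its truncated last line.

```python
import re
from itertools import groupby

# Field layout assumed from the Firestarter lines posted in this thread.
LINE_RE = re.compile(
    r"Time:(?P<time>\w+\s+\d+ [\d:]+) .*?Port:(?P<port>\d+) "
    r"Source:(?P<src>[\d.]+) Destination:(?P<dst>[\d.]+) "
    r"Length:(?P<length>\d+) .*?Protocol:(?P<proto>\w+)"
)

# Sample copied from the log in post #1; the last line is the truncated one.
SAMPLE = """\
Time:Apr  5 04:28:36 Direction: Unknown In:eth0 Out: Port:44471 Source:217.149.32.34 Destination:82.211.234.11 Length:56 TOS:0x00 Protocol:ICMP Service:Unknown
Time:Apr  5 04:28:37 Direction: Unknown In:eth0 Out: Port:44472 Source:217.149.32.34 Destination:82.211.234.11 Length:56 TOS:0x00 Protocol:ICMP Service:Unknown
Time:Apr  5 04:28:38 Direction: Unknown In:eth0 Out: Port:44473 Source:217.149.32.34 Destination:82.211.234.11 Length:56 TOS:0x00 Protocol:ICMP Service:Unknown
Time:Apr  5 04:28:39 Direction: Unknown In:eth0 Out: Port:44474 Source:213.206.129.143 Destination:82.211.234.11 Length:56 TOS:0x00 Protocol:ICMP Service:Unknown
Time:Apr  5 04:28:40 Direction: Unknown In:eth0 Out: Port:44475 Source:213.206.129.143 Destination:82.211.234.11 Length:56 TOS:0x00 Protocol:ICMP Service:Unknown
Time:Apr  5 04:28:41 Direction: Unknown In:eth0 Out: Port:44476 Source:213.206.129.143 Destination:82.211.234.11 Length:56 TOS:0x00 Protocol:ICMP Service:Unknown
Time:Apr  5 04:30:44 Direction: Unknown In:eth0 Out: Port:1434 Source:60.190.0.173 Destination:82.211.234.11 Length:404 TOS:0x00 Protocol:UDP Service:Ms-sql-m
Time:Apr  5 04:31:12 Direction: Unknown In:eth0 Out: Port:44444 Source:82.211.234.2 Destination:82.211.234.11 Length:576 TOS:0x00 Protocol:ICMP Service:Unknown
Time:Apr  5 04:31:13 Direction: Unknown In:eth0 Out: Port:44445 Source:82.211.234.2 Destination:82.211.234.11 Length:576 TOS:0x00 Protocol:ICMP Service:Unknown
Time:Apr  5 04:31:14 Direction: Unknown In:eth0 Out: Port:44446 Source:82.211.234.2 Destination:82.211.234.11 Length:576 TOS:0x00 Protocol:ICMP Service:Unknown
Time:Apr  5 04:31:15 Direction: Unknown In:eth0 Out: Port:44447 Source:82.211.224.161 Destination:82.211.234.11 Length:56 TOS:0x00 Protocol:ICMP Service:Unknown
Time:Apr  5 04:32:03 Direction: Unknown In:eth0 Out: Port:44495 Source:144.232.20.136
"""

def parse(lines):
    """Yield a dict per complete log line; truncated lines are skipped."""
    for line in lines:
        m = LINE_RE.search(line)
        if m:
            rec = m.groupdict()
            rec["port"], rec["length"] = int(rec["port"]), int(rec["length"])
            yield rec

def incrementing_runs(records, proto="ICMP", min_len=3):
    """Group entries of one protocol into runs whose port rises by one each time."""
    runs, cur = [], []
    for rec in records:
        if rec["proto"] != proto:
            continue  # e.g. the ms-sql-m UDP line in between
        if cur and rec["port"] != cur[-1]["port"] + 1:
            if len(cur) >= min_len:
                runs.append(cur)
            cur = []
        cur.append(rec)
    if len(cur) >= min_len:
        runs.append(cur)
    return runs

def summarize(run):
    """Report the port range and how many consecutive entries each source sent."""
    per_source = [(s, len(list(g))) for s, g in groupby(r["src"] for r in run)]
    return {
        "ports": (run[0]["port"], run[-1]["port"]),
        "entries": len(run),
        "distinct_sources": len({s for s, _ in per_source}),
        "per_source": per_source,
    }

if __name__ == "__main__":
    for run in incrementing_runs(parse(SAMPLE.splitlines())):
        print(summarize(run))
```

A run whose `distinct_sources` is greater than one is the case post #3 singles out: one continuous port sequence spread across several source addresses.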
 
Old 04-05-2006, 09:11 AM   #4
atlaika
Member
 
Registered: Oct 2005
Posts: 45

Original Poster
Rep: Reputation: 15
This is the first hit shown in the firestarter log.
Code:
Time:Apr  5 04:28:09 Direction: Unknown In:eth0 Out: Port:44444 Source:82.211.234.2 Destination:82.211.234.11 Length:576 TOS:0x00 Protocol:ICMP Service:Unknown
TCPDUMP
Code:
14:54:45.506591 arp who-has 82.211.235.117 tell 82.211.234.2
14:54:45.671897 arp who-has 82.211.234.81 tell 82.211.234.2
14:54:45.760516 arp who-has 82.211.234.232 tell 82.211.234.2
14:54:45.767448 IP 82.211.235.20.netbios-ns > 82.211.235.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
14:54:45.767562 arp who-has 82.211.235.20 tell 82.211.234.181
14:54:45.767856 arp who-has 82.211.235.20 tell 82.211.234.250
14:54:45.767893 IP 82.211.235.20.netbios-dgm > 82.211.235.255.netbios-dgm: NBT UDP PACKET(138)
14:54:45.925342 arp who-has 82.211.234.134 tell 82.211.234.2
14:54:46.198878 arp who-has 82.211.234.107 tell 82.211.234.2
14:54:46.318610 arp who-has 82.211.235.198 tell 82.211.234.2
14:54:46.326299 IP 192.168.0.1.3960 > 255.255.255.255.61112: UDP, length 92
14:54:46.496647 IP 82.211.234.181.netbios-ns > 82.211.235.255.netbios-ns: NBT UDP PACKET(137): REGISTRATION; REQUEST; BROADCAST
14:54:46.506585 arp who-has 82.211.235.117 tell 82.211.234.2
14:54:46.671550 arp who-has 82.211.234.81 tell 82.211.234.2
14:54:46.760179 arp who-has 82.211.234.232 tell 82.211.234.2

14:54:47.198002 arp who-has 82.211.234.107 tell 82.211.234.2
14:54:47.317987 arp who-has 82.211.235.198 tell 82.211.234.2
14:54:47.728583 arp who-has 82.211.234.134 tell 82.211.234.2
14:54:47.806089 arp who-has 82.211.234.81 tell 82.211.234.2
14:54:48.197861 arp who-has 82.211.234.107 tell 82.211.234.2
14:54:48.318452 arp who-has 82.211.235.198 tell 82.211.234.2
14:54:48.610728 arp who-has 82.211.235.14 tell 82.211.234.2
14:54:48.728273 arp who-has 82.211.234.134 tell 82.211.234.2
14:54:48.774525 arp who-has 82.211.234.224 tell 82.211.234.2
14:54:48.785561 arp who-has 82.211.234.164 tell 82.211.234.2
14:54:48.805780 arp who-has 82.211.234.81 tell 82.211.234.2
14:54:49.181038 IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 00:03:93:20:52:65 (oui Unknown), length: 548
14:54:49.183600 arp who-has 172.30.0.250 tell 0.0.0.0
14:54:49.611192 arp who-has 82.211.235.14 tell 82.211.234.2
14:54:49.728664 arp who-has 82.211.234.134 tell 82.211.234.2
14:54:49.774118 arp who-has 82.211.234.224 tell 82.211.234.2
14:54:49.785156 arp who-has 82.211.234.164 tell 82.211.234.2
14:54:49.806318 arp who-has 82.211.234.81 tell 82.211.234.2
14:54:50.611007 arp who-has 82.211.235.14 tell 82.211.234.2
14:54:50.773929 arp who-has 82.211.234.224 tell 82.211.234.2
14:54:50.785030 arp who-has 82.211.234.164 tell 82.211.234.2
14:54:51.147632 IP 82.211.234.15.netbios-dgm > 82.211.235.255.netbios-dgm: NBT UDP PACKET(138)
14:54:51.161668 IP 82.211.234.15.netbios-ns > 82.211.235.255.netbios-ns: NBT UDP PACKET(137): RELEASE; REQUEST; BROADCAST
14:54:51.240628 IP 82.211.234.15.netbios-ns > 82.211.235.255.netbios-ns: NBT UDP PACKET(137): RELEASE; REQUEST; BROADCAST
14:54:51.240734 IP 82.211.234.15.netbios-ns > 82.211.235.255.netbios-ns: NBT UDP PACKET(137): RELEASE; REQUEST; BROADCAST
14:54:51.240790 IP 82.211.234.15.netbios-ns > 82.211.235.255.netbios-ns: NBT UDP PACKET(137): RELEASE; REQUEST; BROADCAST
14:54:51.240848 IP 82.211.234.15.netbios-ns > 82.211.235.255.netbios-ns: NBT UDP PACKET(137): RELEASE; REQUEST; BROADCAST
14:54:51.240900 IP 82.211.234.15.netbios-ns > 82.211.235.255.netbios-ns: NBT UDP PACKET(137): RELEASE; REQUEST; BROADCAST
14:54:52.237649 arp who-has 82.211.234.107 tell 82.211.234.2
14:54:52.325300 IP 192.168.0.1.3961 > 255.255.255.255.61112: UDP, length 92
14:54:52.417632 IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 00:03:47:8d:ca:11 (oui Unknown), length: 320
14:54:52.812951 arp who-has 82.211.235.14 tell 82.211.234.2
14:54:53.237176 arp who-has 82.211.234.107 tell 82.211.234.2
14:54:53.328680 arp who-has 82.211.234.19 tell 82.211.234.19
If it is a spoofed attack, there's basically no way to know the source, right?

Found that Firestarter was configured to receive ICMP requests, hopefully that's fixed now.
Thanks

Last edited by atlaika; 04-05-2006 at 02:11 PM.
 
Old 04-05-2006, 08:12 PM   #5
Capt_Caveman
Senior Member
 
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Rep: Reputation: 69
I don't see anything in the tcpdump output that really looks malicious. If you see any further warnings from firestarter, try using tcpdump again but limit the capture to only icmp, grab the packet header/payload (tcpdump -veX icmp) and let it run longer.

It's also probably a good idea to either perform a remote scan of your firewall using another remote system or using one of the free online scans (like grc or sygate SOS) in order to verify that your firewall is functioning properly.

Quote:
If it is a spoofed attack, there's basically no way to know the source, right?
Depends on the situation, but in most circumstances you can't tell the true source by simply looking at a packet.
 
Old 04-06-2006, 10:13 AM   #6
atlaika
Member
 
Registered: Oct 2005
Posts: 45

Original Poster
Rep: Reputation: 15
Quote:
I don't see anything in the tcpdump output that really looks malicious. If you see any further warnings from firestarter, try using tcpdump again but limit the capture to only icmp, grab the packet header/payload (tcpdump -veX icmp) and let it run longer.
Thanks, will do that.
Quote:
It's also probably a good idea to either perform a remote scan of your firewall using another remote system or using one of the free online scans (like grc or sygate SOS) in order to verify that your firewall is functioning properly.
I had done one on grc, but only for common ports, which didn’t tell me anything about ICMP, so I missed it, until I tried Sygate SOS.
http://scan.sygate.com/
Quote:
If it is a spoofed attack, there's basically no way to know the source, right?
Depends on the situation, but in most circumstances you can't tell the true source by simply looking at a packet.
Anywhere I could read a bit more about that?
 
  

