on Thu, 19 Jul 2007
21:16:58 -0700
> I got several Probable Port Scan reports in the log of
> my hardware firewall, the source reported as
> 218.59.124.78
Just that IP? I would expect more IPs scanning your ports. I get about six
IPs scanning my IP every day.
> The ARNIC WHOIS site (maybe not the best choice for
> this ?) says that address is in Shandong, China. Even
> I know about the existence of proxy servers, and the
> possibility of faking or hijacking where your
> nefarious activities are actually coming from.
If the scanner wants to identify anything, like an open port, they need to scan
using a real IP otherwise why scan.
If you are taking about a DOS (Denial of Service) then all of the IPs would be
faked as the person doing the DOS does not want to see any replies.
> But
> what are the odds some random 'Net attempted-B&E guy
> is reaching out my way from China ?
The odds are very good.
Almost all spam and port scans are done from a compromised computer. Some
dummy has clicked on a link to a greeting card and downloaded a trojan and now
someone else has control of the computer.
--
Robert Blair
=====================================================
To unsubscribe from this list, send an email message
to "steward@scoug.com". In the body of the message,
put the command "unsubscribe scoug-help".
For problems, contact the list owner at
"postmaster@scoug.com".
=====================================================
<< Previous Message <<
Return to [ 19 |
July |
2007 ]
The Southern California OS/2 User Group
P.O. Box 26904
Santa Ana, CA 92799-6904, USA
Copyright 2001 the Southern California OS/2 User Group. ALL RIGHTS
RESERVED.
SCOUG, Warp Expo West, and Warpfest are trademarks of the Southern California OS/2 User Group.
OS/2, Workplace Shell, and IBM are registered trademarks of International
Business Machines Corporation.
All other trademarks remain the property of their respective owners.
