09-17-2002, 05:23 AM #1Hosting Solutions Provider
- Join Date
- Jun 2002
This IP are scanning my server ...
My portsentry said that this people:
does TCP SYN/Normal scans on my server, most on port 57, some in the 111. (and some FTP to various IP)
How to know more in detail who they are or what are they looking for ?
Some moderator can look if one of this IP is on the WHT user ip database? ... dunno, cause I started to get scans since I put a post here ... heh
Regards.CAS Networks SL | Businesss Solutions Provider
-> www.cascompany.com, IT Related B2B since 1997.
-> Premium Dedicated Servers & Private Reseller Accounts
-> Web Design, Corporate Image Design, Graphic Design
09-17-2002, 05:45 AM #2Junior Guru
- Join Date
- Jul 2002
- kansas city
would seem to be random scanning for exploitable services. i see scans for rpc(111) come across almost hourly.
you can find out a bit more information about who they are by going to : http://ww2.arin.net/whois/ or doing whois -h whois.arin.net ip.block on your server.
with regards to what they are looking for.. i could only assume its someone scanning for exploitable boxens.- brian
failing to plan is planning to fail.