Results 1 to 2 of 2
  1. #1
    Join Date
    Jun 2002

    This IP are scanning my server ...

    My portsentry said that this people: (

    does TCP SYN/Normal scans on my server, most on port 57, some in the 111. (and some FTP to various IP)

    How to know more in detail who they are or what are they looking for ?

    Some moderator can look if one of this IP is on the WHT user ip database? ... dunno, cause I started to get scans since I put a post here ... heh

    CAS Networks SL | Businesss Solutions Provider
    ->, IT Related B2B since 1997.
    -> Premium Dedicated Servers & Private Reseller Accounts
    -> Web Design, Corporate Image Design, Graphic Design

  2. #2
    Join Date
    Jul 2002
    kansas city
    would seem to be random scanning for exploitable services. i see scans for rpc(111) come across almost hourly.

    you can find out a bit more information about who they are by going to : or doing whois -h ip.block on your server.

    with regards to what they are looking for.. i could only assume its someone scanning for exploitable boxens.
    - brian

    failing to plan is planning to fail.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts