[PLUG] Weird "PortScans"
gilmanhunt at attbi.com
gilmanhunt at attbi.com
Fri Mar 14 10:29:02 UTC 2003
Mike De La Mater:
> Do you know anything more about this yet, Russ?
>
> Mike De La Mater
No; and I'm not sure where to start: a google search of "portscans emanating
from port 80" didn't show me anything enlightening. I'm pretty sure I got the
iptables rule correct; but the evidence (continuing scans) would prove me wrong
(unless the DROP at the end of the iptables rule confuses Windows 2000's net
monitor, which is possible).
Trusting Symantec to tell me that the IIS server doesn't have a worm on it makes
me uncomfortable, but the only evidence I can find is that it seems to be
"portscanning from port 80." Also, that server's reasonably up to date with
patches.
More information about the PLUG
mailing list