 |
| Prev-20 | Home | Next-20 |
| Prev-20 | Home | Next-20 |
| Prev- | Prev- | Debian- | Dec- | Next- | Next- |
| Subject: | nmap Xmas scans and unrecognized outcoming connections |
| Group: | Debian-security |
| From: | Martín Peluso |
| Date: | 7 Dec 2007 |
Two days ago one of my machines started to receive several nmap Xmas
scans from 73.23.32.79. Later, in another machine which is running under
Debian etch, Firestarter showed me four outcoming connections to the
same ip address with destination ports 80, 44285, 41182 and 43275. Those
connections are not used by any client application and they are not
recognized by netstat. In addition, the target ip address (a comcast
range address) don't seem to be giving http access, and it have all of
its ports filtered.
I don't know how to proceed in order to determine what application is
using those connections or what are they used for. They are still active
since two days ago.
Any suggestion?
Thanks in advance.
Martin Peluso
--
To UNSUBSCRIBE, email to debian-security-REQUEST
with a subject of "unsubscribe". Trouble? Contact listmaster
| Prev- | Prev- | Debian- | Dec- | Next- | Next- |