Re: Question.
"Jens B. Jorgensen" <jjorgens@bdsinc.com> writes:
> This is what's known as a 'port scan'. Someone wants to see what network services
> are available on your box. This would likely be a first step for a would-be
> intruder. You should probably alert someone at fuller.edu.
I don't think it is:

% host ftp.fuller.edu
ftp.fuller.edu CNAME deborah.fuller.edu
deborah.fuller.edu A 206.1.27.5

So the connections are coming from the FTP server.

In the usual case, the FTP client will listen on a connection, on a
different port each time, for any data from the FTP server, so each of
these logged entries probably corresponds to getting a directory or
downloading a file from the server. You can get some idea of what's
going on by using tcpdump and/or running FTP under strace:

% strace -e network ftp ftp.fuller.edu

--
Carey Evans http://home.clear.net.nz/pages/c.evans/
"[UNIX] appears to have the inside track on being the replacement for
CP/M on the largest microcomputers (e.g. those based on 68000...)"
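
The correlation the reply describes, as an added example that is not part of the original post: it matches logged inbound connections against the ports the client announced in FTP PORT commands, as they would be read out of a tcpdump or strace capture. The client address 192.0.2.10, the control lines and the log tuples are constructed, and the server is assumed to use the default data source port 20.

```python
import re

# RFC 959: "PORT h1,h2,h3,h4,p1,p2" tells the server where the client listens.
PORT_RE = re.compile(r"^PORT (\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\s*$")

def parse_port(line):
    """Return (ip, port) announced by a PORT command, or None if not one."""
    m = PORT_RE.match(line)
    if not m:
        return None
    nums = [int(x) for x in m.groups()]
    if any(n > 255 for n in nums):
        return None  # malformed octet, ignore
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

def classify(inbound, control_lines, server_ip, client_ip, data_port=20):
    """Label each logged (src_ip, src_port, dst_port) inbound connection.

    'ftp-data'    : from the FTP server's data port to a port we announced.
    'unexplained' : anything else; worth a closer look.
    """
    announced = set()
    for line in control_lines:
        parsed = parse_port(line)
        if parsed and parsed[0] == client_ip:
            announced.add(parsed[1])
    labels = []
    for src_ip, src_port, dst_port in inbound:
        expected = (src_ip == server_ip and src_port == data_port
                    and dst_port in announced)
        labels.append("ftp-data" if expected else "unexplained")
    return labels

# Constructed sample: commands the client sent on the control connection.
CONTROL = ["USER anonymous\r\n", "PORT 192,0,2,10,4,1\r\n", "LIST\r\n",
           "PORT 192,0,2,10,4,2\r\n", "RETR README\r\n"]
# Constructed sample: inbound connections as a packet filter might log them.
INBOUND = [("206.1.27.5", 20, 1025), ("206.1.27.5", 20, 1026),
           ("206.1.27.5", 20, 23), ("198.51.100.7", 40000, 1025)]

if __name__ == "__main__":
    result = classify(INBOUND, CONTROL, "206.1.27.5", "192.0.2.10")
    for entry, label in zip(INBOUND, result):
        print(entry, label)
```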