Re: Question.

To: debian-user@lists.debian.org
Subject: Re: Question.
From: Carey Evans <c.evans@clear.net.nz>
Date: 20 Apr 1998 23:08:04 +1200
Message-id: <8767k4eoob.fsf@psyche.evansnet>
In-reply-to: "Jens B. Jorgensen"'s message of Mon, 13 Apr 1998 09:52:54 -0500
References: <Pine.LNX.3.96.980412202531.1610A-100000@petra> <353226C5.AA08FCDD@bdsinc.com>

"Jens B. Jorgensen" <jjorgens@bdsinc.com> writes:

> This is what's known as a 'port scan'. Someone wants to see what network services
> are available on your box. This would likely be a first step for a would-be
> intruder. You should probably alert someone at fuller.edu.

I don't think it is:

% host ftp.fuller.edu
ftp.fuller.edu          CNAME   deborah.fuller.edu
deborah.fuller.edu      A       206.1.27.5

So the connections are coming from the FTP server.

In the usual case, the FTP client will listen on a connection, on a
different port each time, for any data from the FTP server, so each of
these logged entries probably corresponds to getting a directory or
downloading a file from the server.  You can get some idea of what's
going on by using tcpdump and/or running FTP under strace:

% strace -e network ftp ftp.fuller.edu

-- 
	 Carey Evans  http://home.clear.net.nz/pages/c.evans/

"[UNIX] appears to have the inside track on being the replacement for
  CP/M on the largest microcomputers (e.g. those based on 68000...)"

--
To UNSUBSCRIBE, email to debian-user-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to:

References:
- Question.
  - From: "Petra <Kevin J Poorman>" <ewigin@SoftHome.net>
- Re: Question.
  - From: "Jens B. Jorgensen" <jjorgens@bdsinc.com>

Prev by Date: What libs to use ???
Next by Date: Netscape + Java + X 24 bpp
Previous by thread: Re: Question.
Next by thread: What is a block device name?
Index(es):
- Date
- Thread