Port Scanned

N/A

Port Scanned

Morning,

Has anyone else seen an increase in port scans in the last couple of days??
I have 1 IP that has been trying to get in for ages.. not sure why as I don't have anything of interest on here...

Date: 05/03 00:31:39
Name: spp_portscan: PORTSCAN DETECTED from 81.72.0.246 (STEALTH)
Priority: n/a
Type: n/a
IP Info: n/a:n/a -> n/a:n/a
Refs:

Date: 05/03 04:11:57
Name: spp_portscan: portscan status from 81.72.0.246: 1 connections across 1 hosts: TCP(1), UDP(0) STEALTH
Priority: n/a
Type: n/a
IP Info: n/a:n/a -> n/a:n/a
Refs:

Date: 05/03 10:09:26
Name: spp_portscan: portscan status from 81.72.0.246: 1 connections across 1 hosts: TCP(1), UDP(0) STEALTH
Priority: n/a
Type: n/a
IP Info: n/a:n/a -> n/a:n/a
Refs:

Date: 05/03 10:09:30
Name: spp_portscan: End of portscan from 81.72.0.246: TOTAL time(7s) hosts(1) TCP(2) UDP(0) STEALTH
Priority: n/a
Type: n/a
IP Info: n/a:n/a -> n/a:n/a
I would knock him/her off but then I'm only as bad. Can you guys advise Please
Angus
4 REPLIES

RE: Port Scanned

> Morning,
>
> Has anyone else seen an increase in port scans in the last couple of days??
> I have 1 IP that has been trying to get in for ages.. not sure why as I don't have anything of interest on here...
>
> Date: 05/03 00:31:39
> Name: spp_portscan: PORTSCAN DETECTED from 81.72.0.246 (STEALTH)
> Priority: n/a
> Type: n/a
> IP Info: n/a:n/a -> n/a:n/a
> Refs:
>
> Date: 05/03 04:11:57
> Name: spp_portscan: portscan status from 81.72.0.246: 1 connections across 1 hosts: TCP(1), UDP(0) STEALTH
> Priority: n/a
> Type: n/a
> IP Info: n/a:n/a -> n/a:n/a
> Refs:
>
> Date: 05/03 10:09:26
> Name: spp_portscan: portscan status from 81.72.0.246: 1 connections across 1 hosts: TCP(1), UDP(0) STEALTH
> Priority: n/a
> Type: n/a
> IP Info: n/a:n/a -> n/a:n/a
> Refs:
>
> Date: 05/03 10:09:30
> Name: spp_portscan: End of portscan from 81.72.0.246: TOTAL time(7s) hosts(1) TCP(2) UDP(0) STEALTH
> Priority: n/a
> Type: n/a
> IP Info: n/a:n/a -> n/a:n/a
> I would knock him/her off but then I'm only as bad. Can you guys advise Please
> Angus


I would say there is more, but that might be the fact that I am a chanop on an IRC server, so I am a target for them.

But which port, scan parameters and how many? As if I read that report correctly it was just the 1 each time?

I'd only worry if it was 20+ attempts in quick succession
Unvalued customer since 2001 funding cheap internet for others / DSL/Fibre house move 24 month regrade from 8th May 2017
N/A

RE: Port Scanned

> I would say there is more, but that might be the fact that I am a chanop on an IRC server, so I am a target for them.
>
> But which port, scan parameters and how many? As if I read that report correctly it was just the 1 each time?
>
> I'd only worry if it was 20+ attempts in quick succession

They were going on all night... 3 pages of firewall logs on 1 IP. I just took a few readings out of it.

Angus

N/A

RE: Port Scanned

Our abuse master can be reached by emailing abuse@plus.net

Send the logs there or place them in a contact and we will pass them on internally.

Kind Regards

Kevin
--
| Kevin Revill ............... Unmetered & ADSL solutions
| Technical Support ................. for Home & Business
| PlusNet Technologies Ltd. ....... @ http://www.plus.net
+ ----- My Referrals - It pays to recommend PlusNet -----
N/A

RE: Port Scanned

> > Has anyone else seen an increase in port scans in the last couple of days??

Being the lazy person that I am I don't check my logs, but I would not say that necessarily portscans are that much to worry about, and their increase or decrease is all dependent on who, when and why the person is scanning. Of course, you can email abuse, but if you do that every time it happens you will be emailing a lot. You have a real IP, it's gonna happen. The chances are the source will be spoofed anyway so there is not much one can do about it to locate the source. The way I look at it is just like playing knock and run, and usually most port scans are specific and scan entire subnets at once. Look on the bright side, you know your firewall is working! ;)
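
An added example, not part of any post in this thread: one way to triage several pages of spp_portscan entries like those quoted above is to total them per source and flag only the bursts. The 20-connection figure follows the rule of thumb given in the first reply; the 60-second window, the function name and the sample entries (documentation-range addresses) are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the alert format quoted in the thread.
SAMPLE = """\
Date: 05/03 00:31:39
Name: spp_portscan: PORTSCAN DETECTED from 192.0.2.10 (STEALTH)
Date: 05/03 00:31:46
Name: spp_portscan: End of portscan from 192.0.2.10: TOTAL time(7s) hosts(1) TCP(2) UDP(0) STEALTH
Date: 05/03 02:15:02
Name: spp_portscan: PORTSCAN DETECTED from 198.51.100.7 (STEALTH)
Date: 05/03 02:15:20
Name: spp_portscan: End of portscan from 198.51.100.7: TOTAL time(18s) hosts(1) TCP(64) UDP(0) STEALTH
Date: 05/03 10:09:26
Name: spp_portscan: PORTSCAN DETECTED from 192.0.2.10 (STEALTH)
Date: 05/03 10:09:30
Name: spp_portscan: End of portscan from 192.0.2.10: TOTAL time(4s) hosts(1) TCP(1) UDP(0) STEALTH
"""

DETECTED = re.compile(r"spp_portscan: PORTSCAN DETECTED from ([\d.]+)")
END = re.compile(
    r"spp_portscan: End of portscan from ([\d.]+): "
    r"TOTAL time\((\d+)s\) hosts\((\d+)\) TCP\((\d+)\) UDP\((\d+)\)"
)

def summarize(log_text, min_conns=20, max_secs=60):
    """Per-source totals; 'burst' marks any scan with >= min_conns in <= max_secs."""
    stats = defaultdict(lambda: {"alerts": 0, "scans": 0, "conns": 0, "burst": False})
    for line in log_text.splitlines():
        m = DETECTED.search(line)
        if m:
            stats[m.group(1)]["alerts"] += 1
            continue
        m = END.search(line)
        if m:
            # The "End of portscan" line carries the scan's duration and counts.
            secs, _hosts, tcp, udp = map(int, m.groups()[1:])
            entry = stats[m.group(1)]
            entry["scans"] += 1
            entry["conns"] += tcp + udp
            if tcp + udp >= min_conns and secs <= max_secs:
                entry["burst"] = True
    return dict(stats)

if __name__ == "__main__":
    for src, s in sorted(summarize(SAMPLE).items()):
        print(src, s)
```

Sources that never reach the burst threshold are the occasional single probes described in the thread; the flagged ones are the entries worth attaching to a report to the scanning network's abuse contact.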