cancel
Showing results for 
Search instead for 
Did you mean: 

Post scans

npr
Pro
Posts: 1,898
Thanks: 119
Fixes: 9
Registered: ‎21-01-2013

Post scans

I don't mind the random port scan, but I start to become a tad suspicious of port scans over a period of 3 days from the  same plusnet IP.
Quote
<84> May 16 16:12:06 IDS scan parser : tcp port scan: 84.93.230.186 scanned at least 10 ports at 146.200.196.131.  (1 of 1) : 84.93.230.186  146.200.196.131 0040 TCP 80->14710 [.FA...] seq 299907060 ack 4209427391 win 111

<84> May 16 22:34:58 IDS scan parser : tcp port scan: 84.93.230.186 scanned at least 10 ports at 146.200.196.xxx.  (1 of 1) : 84.93.230.186  146.200.196.xxx 0040 TCP 80->13780 [.FA...] seq 2707981615 ack 3940141635 win 111

<84> May 17 19:41:44 IDS scan parser : tcp port scan: 84.93.230.186 scanned at least 10 ports at 146.200.196.xxx.  (1 of 1) : 84.93.230.186  146.200.196.xxx 0040 TCP 80->14375 [.FA...] seq 2328577751 ack 1519961124 win 207

<84> May 18 09:37:03 IDS scan parser : tcp port scan: 84.93.230.186 scanned at least 10 ports at 146.200.196.xxx.  (1 of 1) : 84.93.230.186  146.200.196.xxx 0040 TCP 80->15534 [.FA...] seq 3595708792 ack 847252859 win 112

<84> May 18 22:14:57 IDS scan parser : tcp port scan: 84.93.230.186 scanned at least 10 ports at 146.200.196.xxx.  (1 of 1) : 84.93.230.186  146.200.196.xxx 0040 TCP 80->16153 [.FA...] seq 253658502 ack 4101414955 win 112


Does anyone have any info on this server "community03.servers.plus.net" ?  Undecided
3 REPLIES 3
Pettitto
Plusnet Alumni (retired)
Plusnet Alumni (retired)
Posts: 6,346
Fixes: 5
Registered: ‎26-11-2011

Re: Post scans

It's one of the servers that we use for the Community Site - I can't see it being anything to worry about.
npr
Pro
Posts: 1,898
Thanks: 119
Fixes: 9
Registered: ‎21-01-2013

Re: Post scans

Thanks Chris,
I'm not worried, just puzzled.
Why has a plusnet "community server" taken such an interest in my ports.  Cheesy
ejs
Aspiring Hero
Posts: 5,442
Thanks: 631
Fixes: 25
Registered: ‎10-06-2010

Re: Post scans

This has been reported previously
https://community.plus.net/forum/index.php/topic,117757.0.html
https://community.plus.net/forum/index.php/topic,126255.msg1097866.html#msg1097866
I don't know why you've only recently started noticing it. The suprious packets arrive during or shortly after you browse these forums. The source port would be 44340 if you use https, otherwise the source port is 80.