Hi all, Someone's been port-scanning me, checking only some high ports. Here are my relevant log entries:
May 26 13:39:30 j001 ippl: port 37397 connection attempt from 216.136.179.238 May 26 13:43:03 j001 ippl: port 37404 connection attempt from 216.136.179.238 May 26 13:43:06 j001 ippl: port 37404 connection attempt from 216.136.179.238 May 26 13:45:55 j001 ippl: port 37406 connection attempt from 216.136.179.238 May 26 13:45:58 j001 ippl: port 37406 connection attempt from 216.136.179.238 May 26 13:47:10 j001 ippl: port 37408 connection attempt from 216.136.179.238 May 26 13:49:30 j001 ippl: port 37412 connection attempt from 216.136.179.238 Does anyone know what they may be looking for in that range? Does anyone know of a good reference for info (vulnerabilities sorted by port, service, etc)? Does anyone how I can find out who/where/what-domain or host is using that ip? Thanks in advance for any help / advice. -- Paul T. Wright <[EMAIL PROTECTED]> -currently seeking employment-
