[7.460][QUESTION][ANSWERED] strange port scan mail

Hi Friends !

I am getting strange portscan mail from my client

A portscan was detected. Details about the event:

Time.............: 2009:07:02-21:33:43
Source IP address: 192.168.2.254
- Where are my results?
- Query the RIPE Database
- ARIN: WHOIS Database Search
- APNIC - Query the APNIC Whois Database
shri_beta_test
--
System Uptime      : 0 days 7 hours 52 minutes
System Load        : 0.72
- Show quoted text -
A portscan was detected. Details about the event:

Time.............: 2009:07:02-21:42:55

Source IP address: 192.168.2.254
- Where are my results?
- Query the RIPE Database
- ARIN: WHOIS Database Search
- APNIC - Query the APNIC Whois Database
shri_beta_test
--
System Uptime      : 0 days 0 hours 4 minutes
System Load        : 4.16
- Show quoted text -

A portscan was detected. Details about the event:

Time.............: 2009:07:02-21:33:50

Source IP address: 192.168.2.254
- Where are my results?
- Query the RIPE Database
- ARIN: WHOIS Database Search
- APNIC - Query the APNIC Whois Database
shri_beta_test
--
System Uptime      : 0 days 7 hours 52 minutes
- Show quoted text -

And in in box they are in numbers of 61 (gmail show that)

how to i diagnose this and what kind of reports u will need to understand and examine

Thanks

Parents

0 Astaro Beta Bot over 16 years ago

Astaro Beta Report
--------------------------------
Version: 7.460
Type: QUESTION
State: ANSWERED
Reporter: utm_kid
Contributor: 
MantisID: 
--------------------------------

Reply

0 Astaro Beta Bot over 16 years ago

Astaro Beta Report
--------------------------------
Version: 7.460
Type: QUESTION
State: ANSWERED
Reporter: utm_kid
Contributor: 
MantisID: 
--------------------------------

Children

0 Gert Hansen over 16 years ago in reply to Astaro Beta Bot

Is this IP adresss in use in your network.

IS this ip using FTP? This is a known false positive if you download many small files. As each file will open a new connection with an increasing post number. Just as a portscan would look like

regards
Gert
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 utm_kid over 16 years ago in reply to Gert Hansen

Is this IP adresss in use in your network.

IS this ip using FTP? This is a known false positive if you download many small files. As each file will open a new connection with an increasing post number. Just as a portscan would look like

regards
Gert

Hello Sir,

no this is not a ip on my network ,now i switch on another asg system which had no dhcp server just now i start now i had 192.168.2.254 .

No ,this is not a ftp server ,i have ftp client in system (browser and standalone)

but why 7 hour 52 mints every time ,each mail has that time
i never keep my system so long on
i close my system in night around 12/1 am till 7am

i will diagnose more and get back to u please tell me more how i can get more dtls /from which log file ?

Thanks
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel