I don't understand why, in the first message, the target IP is an internal network IP:
Portscan detected:
------------------
System Date: Sep 12 2002
System Time: 10:23:47
Source IP: X.X.X.X
Target IP: Internal Computer IP (192.168.X.X)
Portscan detected:
------------------
System Date: Sep 12 2002
System Time: 10:23:50
Source IP: X.X.X.X
Target IP: external firewall IP
Here is part of the log file (the first line):
Sep 12 10:23:47 mf1 kernel: Portscan detected: IN=eth1 OUT=eth0 SRC=X.X.X.X DST=192.168.X.X LEN=44 TOS=0x00 PREC=0x00 TTL=60 ID=41157 DF PROTO=TCP SPT=20 DPT=1462 WINDOW=65535 RES=0x00 SYN URGP=0
The destination address in the next 5 lines is the external network adapter address.
Another problem: the time on my internal computer is identical to the time on the firewall computer, but the message sent by the firewall is dated one hour earlier.
Does anyone know why?
[ 20 September 2002, 04:40: Message edited by: blue ]
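Added example, not part of the original post: a small Python parser for kernel LOG lines in the format quoted above, which reads the IN=/OUT= interface fields to tell a packet routed through the firewall from one addressed to the firewall itself. The sample lines, their addresses and the function names are constructed for illustration.

```python
import re

# Constructed sample lines in the kernel LOG format quoted in the post.
# Addresses are documentation/private placeholders, not values from the thread.
SAMPLE = [
    "Sep 12 10:23:47 mf1 kernel: Portscan detected: IN=eth1 OUT=eth0 "
    "SRC=203.0.113.7 DST=192.168.0.10 LEN=44 TOS=0x00 PREC=0x00 TTL=60 "
    "ID=41157 DF PROTO=TCP SPT=20 DPT=1462 WINDOW=65535 RES=0x00 SYN URGP=0",
    "Sep 12 10:23:50 mf1 kernel: Portscan detected: IN=eth1 OUT= "
    "SRC=203.0.113.7 DST=198.51.100.1 LEN=44 TOS=0x00 PREC=0x00 TTL=60 "
    "ID=41158 DF PROTO=TCP SPT=20 DPT=1463 WINDOW=65535 RES=0x00 SYN URGP=0",
]

FIELD = re.compile(r"\b([A-Z]+)=(\S*)")
TCP_FLAGS = ("SYN", "ACK", "FIN", "RST", "PSH", "URG")

def parse_log_line(line):
    """Split one netfilter LOG line into its KEY=value fields and TCP flags."""
    start = line.find("IN=")
    if start < 0:
        raise ValueError("not a netfilter LOG line")
    body = line[start:]
    fields = dict(FIELD.findall(body))  # an empty OUT= yields ''
    fields["FLAGS"] = [t for t in body.split() if t in TCP_FLAGS]
    return fields

def packet_path(fields):
    """Classify by interfaces: the kernel leaves IN= or OUT= empty
    when the packet does not cross that side of the host."""
    has_in, has_out = bool(fields.get("IN")), bool(fields.get("OUT"))
    if has_in and has_out:
        return "forwarded"      # routed through the firewall to another host
    if has_in:
        return "to-firewall"    # addressed to the firewall itself
    if has_out:
        return "from-firewall"  # generated by the firewall itself
    return "unknown"

def summarize(line):
    """Return (path, src, dst, source port, destination port, TCP flags)."""
    f = parse_log_line(line)
    return (packet_path(f), f["SRC"], f["DST"],
            int(f["SPT"]), int(f["DPT"]), f["FLAGS"])

if __name__ == "__main__":
    for entry in SAMPLE:
        print(summarize(entry))
```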