[CLUE-Tech] who attacked me?
Roger Frank
rfrank at rfrank.net
Tue Mar 20 18:55:40 MST 2001
On Tuesday 20 March 2001 16:51, ian wrote:
> What makes you say you were attacked?
Great question. I am relying on the message in the log
file, literally "attackalert". Could that be generated by
just a normal port scan? And why would someone in
Korea want to scan my ports anyway? It is part of
normal operations on the Internet, or is it the precursor
to a more focused attack?
I did a traceroute on that address and the last named
hop was www.hananet.net which looks to be in Korean.
addresses after that are 211.x.x.x and then a
192.168.0.142 which I though wasn't supposed to go
out on the net. Hops after that are just three stars,
and I'm not sure what that means either.
Interesting results from David Wilson on the anonyous
ftp. Still, I don't think I'll go there. But if anyone has
insight into why a machine would do a portscan of
my address, I'd like to hear about it. I'm going to use
this incident as a topic in my computer science
class on Thursday this week.
Thanks for everyone's help and the plethora of
useful tools you used.
Roger Frank
More information about the clue-tech
mailing list