[CLUE-Tech] who attacked me?
Cyberclops
Cyberclops at hawaii.rr.com
Tue Mar 20 19:07:04 MST 2001
I think it points up the danger of the "World Wide Web" you are subject
to port sniffing from anywhere in the world. It points up the fact that
security on the Internet has become paramount. The average user is
really not aware of the threat or danger, and know little how to deal
with it.
Roger Frank wrote:
>
> On Tuesday 20 March 2001 16:51, ian wrote:
> > What makes you say you were attacked?
>
> Great question. I am relying on the message in the log
> file, literally "attackalert". Could that be generated by
> just a normal port scan? And why would someone in
> Korea want to scan my ports anyway? It is part of
> normal operations on the Internet, or is it the precursor
> to a more focused attack?
>
> I did a traceroute on that address and the last named
> hop was www.hananet.net which looks to be in Korean.
> addresses after that are 211.x.x.x and then a
> 192.168.0.142 which I though wasn't supposed to go
> out on the net. Hops after that are just three stars,
> and I'm not sure what that means either.
>
> Interesting results from David Wilson on the anonyous
> ftp. Still, I don't think I'll go there. But if anyone has
> insight into why a machine would do a portscan of
> my address, I'd like to hear about it. I'm going to use
> this incident as a topic in my computer science
> class on Thursday this week.
>
> Thanks for everyone's help and the plethora of
> useful tools you used.
>
> Roger Frank
>
> _______________________________________________
> CLUE-Tech mailing list
> CLUE-Tech at clue.denver.co.us
> http://clue.denver.co.us/mailman/listinfo/clue-tech
More information about the clue-tech
mailing list