From owner-freebsd-questions@FreeBSD.ORG Thu Jul 28 13:16:37 2005 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 3652016A41F for ; Thu, 28 Jul 2005 13:16:37 +0000 (GMT) (envelope-from NKoch@demig.de) Received: from server.absolute-media.de (server.absolute-media.de [213.239.231.9]) by mx1.FreeBSD.org (Postfix) with ESMTP id A6D8743D46 for ; Thu, 28 Jul 2005 13:16:36 +0000 (GMT) (envelope-from NKoch@demig.de) Received: from localhost (unknown [127.0.0.1]) by server.absolute-media.de (Postfix) with ESMTP id D6AEB8C42F; Thu, 28 Jul 2005 15:16:31 +0200 (CEST) Received: from server.absolute-media.de ([127.0.0.1]) by localhost (server [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 16125-06; Thu, 28 Jul 2005 15:16:27 +0200 (CEST) Received: from firewall.demig (p50839673.dip0.t-ipconnect.de [80.131.150.115]) by server.absolute-media.de (Postfix) with ESMTP id 0157B89C8C; Thu, 28 Jul 2005 15:16:26 +0200 (CEST) Received: from ws-ew-3 (ws-ew-3.w2kdemig [192.168.1.72]) by firewall.demig (8.13.4/8.13.1) with SMTP id j6SDFAc3091309; Thu, 28 Jul 2005 15:15:10 +0200 (CEST) (envelope-from NKoch@demig.de) From: "Norbert Koch" To: "Cody Holland" , Date: Thu, 28 Jul 2005 15:15:08 +0200 Message-ID: <000001c59376$609db760$4801a8c0@ws-ew-3.W2KDEMIG> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook 8.5, Build 4.71.2173.0 X-MimeOLE: Produced By Microsoft MimeOLE V4.72.2120.0 In-Reply-To: <4B3EE484EEA4F344BBB62F831648998637C8BB@corpsrv.RedMoon.local> Importance: Normal X-Virus-Scanned: by amavisd-new X-Virus-Scanned: by amavisd-new at absolute-media.de Cc: Subject: RE: Port Scan X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 28 Jul 2005 13:16:37 -0000 > Does anyone know what could be causing this? Some of these are probes > from external IP's, but a lot of these are the servers probing itself. > > > Connection attempt to TCP 127.0.0.1:80 from 127.0.0.1:65215 flags:0x02 > > > Connection attempt to TCP 127.0.0.1:80 from 127.0.0.1:65215 flags:0x02 > > > Connection attempt to TCP 127.0.0.1:80 from 127.0.0.1:65215 flags:0x02 > > > Connection attempt to TCP 127.0.0.1:80 from 127.0.0.1:65215 flags:0x02 > > > Connection attempt to TCP 127.0.0.1:80 from 127.0.0.1:65215 flags:0x02 > > > Connection attempt to TCP 127.0.0.1:80 from 127.0.0.1:65215 flags:0x02 > > > Connection attempt to TCP 127.0.0.1:80 from 127.0.0.1:65215 flags:0x02 > > > Connection attempt to TCP 127.0.0.1:80 from 127.0.0.1:65215 flags:0x02 > squid http proxy? > > Connection attempt to UDP 206.123.80.170:1026 from > > 218.66.104.140:38828 Connection attempt to UDP 206.123.80.170:1027 > > from 218.66.104.140:38828 Connection attempt to UDP 206.123.80.170:137 netbios-ns request to a samba server? Norbert