[linux] IP protokol

[Peter Surda]

Ahojky, moze mi niekto vysvetlit, ako vznikly nasledujuce zapisy v logu?

Sep 26 01:07:35 morpheus portsentry[4192]: attackalert: Possible stealth scan
from unknown host to TCP port: 32773 (accept failed)
Sep 26 01:07:38 morpheus portsentry[4192]: attackalert: Possible stealth scan
from unknown host to TCP port: 15 (accept failed)
Sep 26 01:07:38 morpheus portsentry[4192]: attackalert: Possible stealth scan
from unknown host to TCP port: 32774 (accept failed)
Sep 26 01:07:39 morpheus portsentry[4192]: attackalert: Possible stealth scan
from unknown host to TCP port: 11 (accept failed)
Sep 26 01:07:40 morpheus portsentry[4192]: attackalert: Possible stealth scan
from unknown host to TCP port: 540 (accept failed)
Sep 26 01:07:41 morpheus portsentry[4192]: attackalert: Possible stealth scan
from unknown host to TCP port: 12346 (accept failed)
Sep 26 01:07:43 morpheus portsentry[4192]: attackalert: Possible stealth scan
from unknown host to TCP port: 32772 (accept failed)

To portsentry nestihol spracovat pakety alebo co? Inac za 4 sekundy uz nejaku
IP nasiel a zablokoval a odvtedy uz taketo nehlasil. Ale ze source adresu
nepoznal, to sa mi stalo prvy krat.

V pripade, ze je to invalidny paket a source adresa tam akosi neni (aj ked
nechapam, kto taky paket dovoli routovat), ako sa potom ten co portscanuje
dozvie odpoved, ked portscanovany nevie, kam ju ma poslat?

S pozdravom,

Peter Surda (Shurdeek) <surda na bigfoot.com>, ICQ 10236103, +4369910964300

--
gawk; grep; touch; unzip; touch; gasp; finger; gasp; mount; fsck;\
more; yes; gasp; umount; make clean; make mrproper