return to first page linux journal archive
keywordscontents

Listing 1. Traces Left Behind by a Port Scan

Jul 18 02:42:25 target sshd[2370]: log: Connection
from 192.168.0.1 port 2107
Jul 18 02:42:25 target sshd[2370]: fatal: Did not
receive ident string.
Jul 18 02:42:25 target wu.ftpd[2369]: connect from
root@attacker
Jul 18 02:42:25 target in.telnetd[2368]: connect
from root@attacker
Jul 18 02:42:26 target imapd[2366]: connect from
root@attacker
Jul 18 02:42:26 target in.pop3d[2367]: connect from
root@attacker
Jul 18 02:42:26 target ftpd[2369]: FTP session closed
Jul 18 02:42:26 target telnetd[2368]: ttloop:
read: Broken pipe
Jul 18 02:42:28 target in.fingerd[2365]: connect from
root@attacker