port scan identification

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hello

I try to set correctly up my firewall ans would need your help on one thing :

I have this rule :
[...]
iptables -A INPUT -p tcp --tcp-flags SYN,ACK,FIN,RST RST \
-j LOG --log-level debug --log-prefix 'p_scan_: '
[...]

and i see this when i tail the output file :

[...]
Jun 8 22:52:32 milina kernel: p_scan_: IN=ppp0 OUT= MAC= SRC=81.220.171.201 DST=81.248.95.56 LEN=40 TOS=0x00 PREC=0x00 TTL=54 ID=45424 PROTO=TCP SPT=4391 DPT=80 WINDOW=0 RES=0x00 RST URGP=0
[...]


Well . According to me, a port scan is the action to scan _all_ the ports ... why is the port scan identified as only scaning the 80th port ? I mean, a port scan should not be on one port only ... isn't it ?

--
Rakotomandimby Mihamina Andrianifaharana
Tel : +33 2 38 76 43 65
http://stko.dyndns.info/site_principal/Members/mihamina


[Index of Archives]     [Linux Netfilter Development]     [Linux Kernel Networking Development]     [Netem]     [Berkeley Packet Filter]     [Linux Kernel Development]     [Advanced Routing & Traffice Control]     [Bugtraq]

  Powered by Linux