I try to set correctly up my firewall ans would need your help on one thing :
I have this rule : [...] iptables -A INPUT -p tcp --tcp-flags SYN,ACK,FIN,RST RST \ -j LOG --log-level debug --log-prefix 'p_scan_: ' [...]
and i see this when i tail the output file :
[...]
Jun 8 22:52:32 milina kernel: p_scan_: IN=ppp0 OUT= MAC= SRC=81.220.171.201 DST=81.248.95.56 LEN=40 TOS=0x00 PREC=0x00 TTL=54 ID=45424 PROTO=TCP SPT=4391 DPT=80 WINDOW=0 RES=0x00 RST URGP=0
[...]
Well . According to me, a port scan is the action to scan _all_ the ports ... why is the port scan identified as only scaning the 80th port ? I mean, a port scan should not be on one port only ... isn't it ?
-- Rakotomandimby Mihamina Andrianifaharana Tel : +33 2 38 76 43 65 http://stko.dyndns.info/site_principal/Members/mihamina
