Please teach me how to read port scan messages
Posted: 07 Mar 2013, 06:46
Hi
I am having a hard time figuring out what ports are being scanned. The below block is in fact from a hosting client and the temp blocks stop him from downloading mail.
Can someone please let me know what blocks are being scanned below so I can help the client to resolve this.
Thanks
Time: Thu Mar 7 04:20:06 2013 +0200
IP: 41.132.199.40 (ZA/South Africa/41-132-199-40.dsl.xxxx)
Hits: 11
Blocked: Temporary Block
Sample of block hits:
Mar 7 04:18:38 CentOS-63-64-minimal kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=00:1e:67:48:fa:82:78:19:f7:91:ec:01:08:00 SRC=41.132.199.40 DST=197.221.46.242 LEN=48 TOS=0x00 PREC=0x00 TTL=120 ID=28198 DF PROTO=TCP SPT=64348 DPT=26 WINDOW=8192 RES=0x00 SYN URGP=0
Mar 7 04:18:50 CentOS-63-64-minimal kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=00:1e:67:48:fa:82:78:19:f7:91:ec:01:08:00 SRC=41.132.199.40 DST=197.221.46.242 LEN=52 TOS=0x00 PREC=0x00 TTL=120 ID=28232 DF PROTO=TCP SPT=64348 DPT=26 WINDOW=8192 RES=0x00 SYN URGP=0
Mar 7 04:18:53 CentOS-63-64-minimal kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=00:1e:67:48:fa:82:78:19:f7:91:ec:01:08:00 SRC=41.132.199.40 DST=197.221.46.242 LEN=52 TOS=0x00 PREC=0x00 TTL=120 ID=28233 DF PROTO=TCP SPT=64348 DPT=26 WINDOW=8192 RES=0x00 SYN URGP=0
Mar 7 04:18:59 CentOS-63-64-minimal kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=00:1e:67:48:fa:82:78:19:f7:91:ec:01:08:00 SRC=41.132.199.40 DST=197.221.46.242 LEN=48 TOS=0x00 PREC=0x00 TTL=120 ID=28236 DF PROTO=TCP SPT=64348 DPT=26 WINDOW=8192 RES=0x00 SYN URGP=0
Mar 7 04:19:11 CentOS-63-64-minimal kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=00:1e:67:48:fa:82:78:19:f7:91:ec:01:08:00 SRC=41.132.199.40 DST=197.221.46.242 LEN=52 TOS=0x00 PREC=0x00 TTL=120 ID=28246 DF PROTO=TCP SPT=64348 DPT=26 WINDOW=8192 RES=0x00 SYN URGP=0
Mar 7 04:19:34 CentOS-63-64-minimal kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=00:1e:67:48:fa:82:78:19:f7:91:ec:01:08:00 SRC=41.132.199.40 DST=197.221.46.242 LEN=52 TOS=0x00 PREC=0x00 TTL=120 ID=28274 DF PROTO=TCP SPT=64354 DPT=26 WINDOW=8192 RES=0x00 SYN URGP=0
Mar 7 04:19:37 CentOS-63-64-minimal kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=00:1e:67:48:fa:82:78:19:f7:91:ec:01:08:00 SRC=41.132.199.40 DST=197.221.46.242 LEN=52 TOS=0x00 PREC=0x00 TTL=120 ID=28324 DF PROTO=TCP SPT=64354 DPT=26 WINDOW=8192 RES=0x00 SYN URGP=0
Mar 7 04:19:44 CentOS-63-64-minimal kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=00:1e:67:48:fa:82:78:19:f7:91:ec:01:08:00 SRC=41.132.199.40 DST=197.221.46.242 LEN=48 TOS=0x00 PREC=0x00 TTL=120 ID=28335 DF PROTO=TCP SPT=64354 DPT=26 WINDOW=8192 RES=0x00 SYN URGP=0
Mar 7 04:19:56 CentOS-63-64-minimal kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=00:1e:67:48:fa:82:78:19:f7:91:ec:01:08:00 SRC=41.132.199.40 DST=197.221.46.242 LEN=52 TOS=0x00 PREC=0x00 TTL=120 ID=28342 DF PROTO=TCP SPT=64354 DPT=26 WINDOW=8192 RES=0x00 SYN URGP=0
Mar 7 04:19:59 CentOS-63-64-minimal kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=00:1e:67:48:fa:82:78:19:f7:91:ec:01:08:00 SRC=41.132.199.40 DST=197.221.46.242 LEN=52 TOS=0x00 PREC=0x00 TTL=120 ID=28348 DF PROTO=TCP SPT=64354 DPT=26 WINDOW=8192 RES=0x00 SYN URGP=0
Mar 7 04:20:05 CentOS-63-64-minimal kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=00:1e:67:48:fa:82:78:19:f7:91:ec:01:08:00 SRC=41.132.199.40 DST=197.221.46.242 LEN=48 TOS=0x00 PREC=0x00 TTL=120 ID=28357 DF PROTO=TCP SPT=64354 DPT=26 WINDOW=8192 RES=0x00 SYN URGP=0
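The port being hit is the DPT= field (destination port on the server); SRC= is the remote address, SPT= is the client's ephemeral source port, and the bare SYN token marks a new connection attempt. This added Python script (not part of the post or of the firewall product) parses that kernel log format and tallies hits per destination port and per source, using three lines copied from the block above as sample input.

```python
import re
from collections import Counter

# Sample input: three of the eleven log lines quoted in the post above.
SAMPLE_LOG = """\
Mar 7 04:18:38 CentOS-63-64-minimal kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=00:1e:67:48:fa:82:78:19:f7:91:ec:01:08:00 SRC=41.132.199.40 DST=197.221.46.242 LEN=48 TOS=0x00 PREC=0x00 TTL=120 ID=28198 DF PROTO=TCP SPT=64348 DPT=26 WINDOW=8192 RES=0x00 SYN URGP=0
Mar 7 04:19:34 CentOS-63-64-minimal kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=00:1e:67:48:fa:82:78:19:f7:91:ec:01:08:00 SRC=41.132.199.40 DST=197.221.46.242 LEN=52 TOS=0x00 PREC=0x00 TTL=120 ID=28274 DF PROTO=TCP SPT=64354 DPT=26 WINDOW=8192 RES=0x00 SYN URGP=0
Mar 7 04:20:05 CentOS-63-64-minimal kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=00:1e:67:48:fa:82:78:19:f7:91:ec:01:08:00 SRC=41.132.199.40 DST=197.221.46.242 LEN=48 TOS=0x00 PREC=0x00 TTL=120 ID=28357 DF PROTO=TCP SPT=64354 DPT=26 WINDOW=8192 RES=0x00 SYN URGP=0
"""

# KEY=value tokens as written by the kernel netfilter logger (OUT= may be empty).
FIELD_RE = re.compile(r"\b([A-Z]+)=(\S*)")
# TCP flags and the DF bit appear as bare tokens without an '='.
TCP_FLAGS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG"}


def parse_line(line):
    """Return the KEY=value fields of one log line plus its bare TCP flags."""
    fields = dict(FIELD_RE.findall(line))
    fields["FLAGS"] = {tok for tok in line.split() if tok in TCP_FLAGS}
    return fields


def summarize(log_text):
    """Tally blocked hits per (proto, destination port) and per source address.

    syn_only counts pure SYN packets, i.e. fresh connection attempts; a single
    source hammering one port with SYNs looks like client retries, whereas a
    scan spreads across many destination ports.
    """
    ports, sources, syn_only = Counter(), Counter(), 0
    for line in log_text.splitlines():
        if "Blocked" not in line:
            continue
        f = parse_line(line)
        ports[(f["PROTO"], int(f["DPT"]))] += 1
        sources[f["SRC"]] += 1
        if f["FLAGS"] == {"SYN"}:
            syn_only += 1
    return {"ports": ports, "sources": sources, "syn_only": syn_only}


if __name__ == "__main__":
    s = summarize(SAMPLE_LOG)
    for (proto, port), n in s["ports"].most_common():
        print(f"{proto}/{port}: {n} hits")
    print("sources:", dict(s["sources"]), "pure SYN:", s["syn_only"])
```

Run against the full block it reports every hit as TCP/26 from one source, so the question of "which ports" reduces to a single destination port rather than a sweep.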