portscan from my own machine
I have 2 Linux machines in our network as servers/gateways for Windows machines.
Last week I got a portscan on linux1 from linux2 (log entry):
Jul 4 12:51:31 inetsrv scanlogd: From linux2 to linux1 ports 21, 3382, 3385, 3388, 3391, 3394, 3397, 3400, 3403, ..., flags ??r??u, TOS 00, TTL 64, started at 12:51:21
At the same time, the log entry on linux2 (time was not synchronized):
Jul 4 13:11:54 Surfer kernel: IPv6 v0.8 for NET4.0
Jul 4 13:11:54 Surfer kernel: IPv6 over IPv4 tunneling driver
Jul 4 13:11:54 Surfer in.ftpd[17049]: connect from localhost (127.0.0.1)
Jul 4 13:12:14 Surfer kernel: eth0: no IPv6 routers present
Jul 4 13:12:14 Surfer kernel: eth0: no IPv6 routers present
Jul 4 13:12:38 Surfer in.ftpd[17051]: connect from localhost (127.0.0.1)
... and I was the only user who was logged in on linux2:
me ftp localhost Wed Jul 4 13:12 - 13:12 (00:00)
me ftp windows1 Wed Jul 4 12:48 - 12:58 (00:10)
me pts/0 windows1 Wed Jul 4 11:38 - 13:15 (01:36)
me ftp windows1 Wed Jul 4 11:36 - 11:46 (00:10)
me ftp windows1 Wed Jul 4 11:36 - 11:51 (00:15)
Any idea why I got this portscan?
Well, linux2 is configured as a proxy for all Windows machines. Is this the solution to this riddle, or does Linux portscan itself?
And why did I get an IPv6 request?
Thanks in advance,
Thomas