[NCLUG] poking port 109

mike cullerton michaelc at cullerton.com
Sun Dec 2 10:43:48 MST 2001


hey folks,

 starting yesterday morning, i've received a packet about every twenty
minutes checking out port 109 on incrementing ips. i.e., the first packet hit
.1 and about twenty minutes later one came in for .2 and then twenty minutes
later, .3 and so on. they're all coming from the same ip address.

 it's up around .83 right now.

 i block these at my border router, so i really don't care, but this one has
intrigued me. i've never really watched one this slow and deliberate before.
usually, a couple packets for a couple different ips come in all at the
same time and then i never hear from that scanner again. have i just not
been paying attention enough before, and this is common?

 what would y'all do if you saw this on your own network?

 there's so much scanning going on these days that i don't even complain to
upstreams anymore. do y'all? usually, i just deny the packets at the router
and not even log them.

have a day,
mike

 -- mike cullerton   michaelc at cullerton dot com
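
Added example, not part of the original post: one way to pick a sweep like the one described (one source, one port, destination address rising by one every twenty minutes) out of denied-packet logs, keyed on the address sequence rather than the packet rate. It assumes the router logs the denies; the addresses, the event tuple layout and the function names are constructed for illustration.

```python
import ipaddress
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import median

def find_sequential_sweeps(events, min_hosts=5):
    """events: (timestamp, src_ip, dst_ip, dst_port) tuples from denied-packet logs.
    Flags any source whose probes to one port step through consecutive
    addresses, however long the pause between probes."""
    by_key = defaultdict(list)
    for ts, src, dst, port in events:
        by_key[(src, port)].append((ts, int(ipaddress.ip_address(dst))))
    findings = []
    for (src, port), hits in by_key.items():
        hits.sort()                      # time order
        runs, run = [], [hits[0]]
        for hit in hits[1:]:
            step = hit[1] - run[-1][1]
            if step == 0:                # repeat probe to the same host
                continue
            if step == 1:                # next address up: the sweep continues
                run.append(hit)
            else:                        # sequence broken: start a new run
                runs.append(run)
                run = [hit]
        runs.append(run)
        best = max(runs, key=len)
        if len(best) >= min_hosts:
            gaps = [(b[0] - a[0]).total_seconds() / 60 for a, b in zip(best, best[1:])]
            findings.append({
                "src": src, "port": port, "hosts": len(best),
                "first": str(ipaddress.ip_address(best[0][1])),
                "last": str(ipaddress.ip_address(best[-1][1])),
                "median_gap_min": median(gaps),
            })
    return findings

def sample_events():
    """Constructed data: one probe every 20 minutes across .1 to .83 on port 109,
    plus an unrelated two-packet burst from a second source."""
    start = datetime(2001, 12, 1, 8, 0)
    slow = [(start + timedelta(minutes=20 * i), "198.51.100.7", f"192.0.2.{i + 1}", 109)
            for i in range(83)]
    burst = [(start, "203.0.113.9", "192.0.2.10", 80),
             (start, "203.0.113.9", "192.0.2.40", 21)]
    return slow + burst

if __name__ == "__main__":
    for finding in find_sequential_sweeps(sample_events()):
        print(finding)
```

The slow source never sends more than one packet in any twenty-minute window, so only the consecutive-address test surfaces it; the burst source is ignored because its two probes form no sequence.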



