[NTLUG:Discuss] [Fwd: What does this mean?]

[George E. Lass]

Kelly,

I have seen these messages in my /var/log/secure file 
after probing my system with nmap.  I don't know *exactly*
what they mean, but I suspect that you are being "probed"
by someone.  nmap tries to determine which "ports" on the
probed system are open to attack by sending packets to
all ports on that system.  As I recall, it mucks around with
the packet headers so that the probed system can't determine
where the probe is coming from....

Based on the fact that the connection was
refused, I'd guess that you have restricted access to your
system via /etc/hosts.allow & /etc/hosts.deny. 

You may be able to determine exactly what is going on by
reading all about nmap at:

http://www.insecure.org/nmap


George

Kelly Scroggins wrote:
> 
> Can anyone help me interpret the last two messages in the
> /var/log/secure.1 file below?
> 
> The second to the last message worries me most.  The last part of it
> says "Connection reset by peer".
> 
> Oct  4 22:45:29 gateway in.telnetd[12516]: refused connect from
> 24.200.82.130
> Oct  6 13:34:47 gateway imapd[14302]: refused connect from 212.34.32.8
> Oct  6 14:37:24 gateway in.telnetd[14338]: refused connect from
> 24.226.9.169
> Oct  9 12:08:30 gateway in.ftpd[17408]: refused connect from
> 193.230.175.126
> Oct 10 00:26:55 gateway in.telnetd[17866]: warning: can't get client
> address: Connection reset by peer
> Oct 10 00:26:55 gateway in.telnetd[17866]: refused connect from unknown
> 
> Thanks,
> kelly
> 
> --
> F O R  S A L E:
> Britanica Encyclopedia set
> Don't need them anymore
> Just married.  Wife has all the answers.
> --
> 
> _______________________________________________
> http://ntlug.org/mailman/listinfo/discuss

-- 
... Unix IS a user friendly O/S ...
(It's just picky about its friends)