RE: can someone interpret this log entry?
- From: "Jay J. Mobley" <jmobley@xxxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Mon, 11 Mar 2002 14:41:19 -0800
Tom,
So is there anyway to tell if this is an SSL request being made by the
internal server,
Or is this server responding to SSL requests?
-Jay
-----Original Message-----
From: Thomas W. Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx]
Sent: Monday, March 11, 2002 2:30 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: can someone interpret this log entry?
http://www.ISAserver.org
Hi Jay,
How is connecting to SSL port 443 considered a port scan?
Thanks!
Tom
-----Original Message-----
From: Jay J. Mobley [mailto:jmobley@xxxxxxxxxx]
Sent: Monday, March 11, 2002 4:24 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] can someone interpret this log entry?
http://www.ISAserver.org
So I got a message from our ISP today telling me that my server is
hacked because they got a complaint from a user who siad I am scanning
his ports. infering from the time of day, and the ports that he said
were scanned, I must assume the below are the firewall entries that
corrospond to this event, but before I go back to my ISP with what looks
to me like routine HTTPS traffic I want to submit to y'all to see if you
agree.
10.0.1.197, -, -, N, 3/10/2002, 19:21:30, fwsrv, -, -, -,
207.225.29.119, 1509, -, -, 0, 443, TCP, Accept, -, -, -, 20000, -, -,
-, -, -
10.0.1.197, -, -, N, 3/10/2002, 19:21:31, fwsrv, -, -, -,
207.225.29.119, 1510, -, -, 0, 443, TCP, Accept, -, -, -, 0, -, -, -, -,
-
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jmobley@xxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
Other related posts:
