I am using SmoothWall 3.
IDS log said:
Date: 03/13 10:56:16 Name: (portscan) TCP Portsweep
Priority: n/a Type: n/a
IP info: 78.32.221.106:n/a -> 209.85.137.83:n/a
References: none found
It appears as though I have been port scanning Google and a few other sites.
I tried to run GMER on all of my servers last night but one server hung.
I have F-Secure on all the PCs here but scanning is very slow on one server (the one that hung) and a laptop.
What is the best way to find where this is coming from? Could I set up TCPdump on the smoothie's green NIC to report the origin of the scan?
Could it be the smoothie itself has been compromised?
It does not seem to coincide with Google's spider.
HJT logged gopher prefix but I have never had a redirect.
T.I.A.
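
Added example (not part of the original post): one way to turn a tcpdump capture taken on the internal interface into a list of hosts that look like the origin of a TCP portsweep, i.e. one source sending bare SYNs to many different destinations on the same port. The capture lines, the internal 192.168.0.x addresses, the interface name `eth0` and the threshold of 5 destinations are all constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample of `tcpdump -nn` text output, as if captured on the
# internal interface with (interface name is an assumption):
#   tcpdump -nn -i eth0 'tcp[tcpflags] & (tcp-syn|tcp-ack) == tcp-syn'
SAMPLE = """\
10:56:15.100001 IP 192.168.0.23.51200 > 209.85.137.83.80: Flags [S], seq 1, win 65535, length 0
10:56:15.100450 IP 192.168.0.23.51201 > 203.0.113.5.80: Flags [S], seq 2, win 65535, length 0
10:56:15.100900 IP 203.0.113.5.80 > 192.168.0.23.51201: Flags [S.], seq 9, ack 3, win 5840, length 0
10:56:15.101300 IP 192.168.0.23.51202 > 203.0.113.6.80: Flags [S], seq 3, win 65535, length 0
10:56:15.101800 IP 192.168.0.23.51203 > 198.51.100.7.80: Flags [S], seq 4, win 65535, length 0
10:56:15.102200 IP 192.168.0.23.51204 > 198.51.100.8.80: Flags [S], seq 5, win 65535, length 0
10:56:15.102700 IP 192.168.0.23.51205 > 192.0.2.9.80: Flags [S], seq 6, win 65535, length 0
10:56:15.103100 IP 192.168.0.23.51206 > 192.0.2.9.80: Flags [S], seq 7, win 65535, length 0
10:56:16.000100 IP 192.168.0.10.40000 > 198.51.100.7.443: Flags [S], seq 8, win 64240, length 0
10:56:16.500100 IP 192.168.0.10.40001 > 203.0.113.6.443: Flags [S], seq 9, win 64240, length 0
"""

# Matches only bare SYN segments ("Flags [S]"); SYN-ACK replies ("[S.]") are skipped.
SYN_LINE = re.compile(
    r"IP (?P<src>\d+\.\d+\.\d+\.\d+)\.\d+ > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): Flags \[S\]"
)


def sweep_candidates(capture_text, min_hosts=5):
    """Return (source IP, destination port, distinct destination count) for
    every source that sent SYNs to at least min_hosts different hosts on one
    port, busiest first. min_hosts=5 is an arbitrary illustrative threshold."""
    targets = defaultdict(set)
    for line in capture_text.splitlines():
        m = SYN_LINE.search(line)
        if m:
            targets[(m["src"], int(m["dport"]))].add(m["dst"])
    hits = [(src, dport, len(dsts))
            for (src, dport), dsts in targets.items()
            if len(dsts) >= min_hosts]
    return sorted(hits, key=lambda h: -h[2])


if __name__ == "__main__":
    for src, dport, count in sweep_candidates(SAMPLE):
        print(f"{src} sent SYNs to {count} distinct hosts on port {dport}")
```

If a capture on the internal interface shows no such source while the IDS keeps alerting, the traffic is not coming from a host behind that interface.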