port scans

Andrew Weisz andrew at aei.on.ca
Wed Oct 20 19:14:00 CDT 2004


Lisa,

Try using a network sniffer to see if the port scans are originating from
the Linux system itself or whether an external system is routing the
port scans through your Linux box. tcpdump is a tool that does a pretty
good job of it of performing network captures. If tcpdump is not installed,
you will have to install that (RH has an rpm package for it).

The more preferable approach would be to plug in a third party network
sniffer (to get objective results in case your system is compromised).

Hope that helps.

Best Regards,
Andrew.

> I think my rh 2.1 box is doing port scans.   How can I tell by looking at
> the system?
>
> Thanks,
>
> Lisa
>
> ---
> Outgoing mail is certified Virus Free.
> Checked by AVG anti-virus system (http://www.grisoft.com).
> Version: 6.0.779 / Virus Database: 526 - Release Date: 10/19/2004
>




More information about the Linux-PowerEdge mailing list