Linode Forum :: Is Apple port scanning me?

Linode Forum https://forum.linode.com/

Is Apple port scanning me? https://forum.linode.com/viewtopic.php?f=19&t=6675	Page 1 of 1

Author:

10drill [ Mon Feb 07, 2011 11:50 pm ]

Post subject:

Is Apple port scanning me?

I have logcheck configured to send me daily reports of system log anomalies, and expect to see endless port scans and cracking attempts from all over the world. However, for the last week or so, I've been getting entries like below, always with the same source address...which belongs to apple.com.

Code:

Feb  7 12:32:56 zero kernel: Shorewall:logflags:DROP:IN=eth0 OUT= MAC=xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx SRC=17.10.13.204 DST=XX.XX.XX.XX LEN=50 TOS=0x00 PREC=0x00 TTL=51 ID=100 PROTO=TCP SPT=48696 DPT=80 WINDOW=32767 RES=0x00 URGP=0

Feb  7 12:32:56 zero kernel: Shorewall:logflags:DROP:IN=eth0 OUT= MAC=xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx SRC=17.10.13.204 DST=XX.XX.XX.XX LEN=50 TOS=0x00 PREC=0x00 TTL=52 ID=100 PROTO=TCP SPT=48640 DPT=80 WINDOW=32767 RES=0x00 URGP=0

Feb  7 12:32:56 zero kernel: Shorewall:logflags:DROP:IN=eth0 OUT= MAC=xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx SRC=17.10.13.204 DST=XX.XX.XX.XX LEN=50 TOS=0x00 PREC=0x00 TTL=51 ID=100 PROTO=TCP SPT=48696 DPT=80 WINDOW=32767 RES=0x00 URGP=0

The destination port is always 80. Of course I can blacklist this IP, but I'm curious as to what is going on here. Any ideas?

Author:	Guspaz [ Tue Feb 08, 2011 11:59 am ]
Post subject:
If they only ever hit one port, it's by definition not a port scan...

Author:	mnordhoff [ Tue Feb 08, 2011 12:05 pm ]
Post subject:
Maybe it's a really slow one! They try one port per week.

Page 1 of 1	All times are UTC-04:00
Powered by phpBB® Forum Software © phpBB Group http://www.phpbb.com/