[CentOS] Port scanning from MicroSoft?

James B. Byrne

byrnejb at harte-lyne.ca
Wed Aug 20 15:06:20 UTC 2014


This morning's activity log shows this:

 . . .
   From 23.102.132.99 - 2 packets to tcp(3389)
   From 23.102.133.164 - 1 packet to tcp(3389)
   From 23.102.134.239 - 2 packets to tcp(3389)
   From 23.102.136.210 - 3 packets to tcp(3389)
   From 23.102.136.222 - 2 packets to tcp(3389)
   From 23.102.137.62 - 3 packets to tcp(3389)
   From 23.102.137.101 - 2 packets to tcp(3389)
   From 23.102.138.184 - 1 packet to tcp(3389)
   From 23.102.138.216 - 1 packet to tcp(3389)
   From 23.102.139.11 - 2 packets to tcp(3389)
   From 23.102.139.27 - 5 packets to tcp(3389)
   From 23.102.140.90 - 2 packets to tcp(3389)
   From 23.102.140.158 - 3 packets to tcp(3389)
   From 23.102.161.114 - 1 packet to tcp(3389)
   From 23.102.170.1 - 2 packets to tcp(3389)
   From 23.102.170.48 - 4 packets to tcp(3389)
   From 23.102.171.49 - 2 packets to tcp(3389)
   From 23.102.172.233 - 2 packets to tcp(3389)
   From 23.102.173.124 - 2 packets to tcp(3389)
. . .

These are either mostly or entirely Microsoft.com addresses.  Any ideas as to
what legitimate use this probing might have?  I know that 3389 is MS-RDP.  My
question is why would a 'reputable' firm be scanning my systems for open
connections on that port?

-- 
***          E-Mail is NOT a SECURE channel          ***
James B. Byrne                mailto:ByrneJB at Harte-Lyne.ca
Harte & Lyne Limited          http://www.harte-lyne.ca
9 Brockley Drive              vox: +1 905 561 1241
Hamilton, Ontario             fax: +1 905 561 0757
Canada  L8E 3C3



