It looks like you're using an Ad Blocker.

Please white-list or disable AboveTopSecret.com in your ad-blocking tool.

Thank you.

 

Some features of ATS will be disabled while you continue to use an ad-blocker.

 

ns1.denyignorance.com is portscanning me (or so BlackICE says)

page: 1
0

log in

join
share:

posted on Aug, 13 2004 @ 09:10 AM
link   
Anyone have noticed this also?

As soon as I surf to ATS my BlackICE says that ns1.denyignorance.com is probing the following ports (extract from BlackICE)

Time, Event, Intruder, Count, Destination Port, Parameter(s)
2004-08-13 16:12:10, TCP_Port_Scan, ns1.denyignorance.com, 3, 0, port=3898|3900|3929|3931|3937-3938|3942|3944|3980|3993|4003-4004|4007|4016|4018|4027|4040|4042|4052|4057|4059|4071|4074-4075

Anybody know why this happens?

// k




posted on Aug, 13 2004 @ 09:17 AM
link   
I doubt it's a port scan. Our Apache server is configured to allow a high number of "MaxClients" and multiple "child servers", which means you could receive several dozen connections from us (on port 80) for each page request. Depending on the sensitivity of your BlackIce settings, it could categorize this type of multiple-connect activity as a "port scan" when you first hit a page on our server. Does it happen every page-load, or just when you first hit ATS?



posted on Aug, 13 2004 @ 09:48 AM
link   
Seems like it happen just when I first hit ATS.

Are your web and ns on the same server?
(Since BI says it is the ns1 that causes this.)

I am not surprised though as BI sometimes sees "attacks" when there are none.

// k



posted on Aug, 13 2004 @ 09:51 AM
link   
Yes, NS1.denyignorance and www.abovetopsecret are both the same IP on the same box. If BlackIce does a reverse lookup on our IP, it is possible it would catch the primary name server first.



new topics

top topics
 
0

log in

join