[Foundation-l] Port scans?
Tom Holden
thomas.holden at gmail.com
Thu Dec 13 01:33:08 UTC 2007
Hi,
My firewall (Outpost Pro) keeps reporting port scans from meta.wikimedia.org
(details at the bottom of the email). For a few minutes after a port scan my
firewall decides there's an attack underway and blocks me from accessing
Wikipedia. I've not found any mention of anyone else having similar problems
through google, so I thought I'd raise the issue here. Hope it isn't
entirely inappropriate.
Yes I could add Wikipedia/Wikimedia to the trusted IP list, but it seems
rather odd that I should have to, (I certainly haven't had this problem with
other sites) and if conceivably possible I'd rather not. Why on earth should
Wikimedia servers be aggressively port scanning users' computers? (I guess
it's proxy detection or something, but it seems like using a hammer to crack
a nut, and in any case I'm logged in which one would think would exempt me
from such things.)
Tom (User:Cfp)
Last 10 "attacks". All the Wikimedia IP.
01:20:38 Port scan 91.198.174.2 TCP (14603,
14602, 14600, 14599, 14597, 14595)
01:15:58 Rst attack 91.198.174.2 -> 91.198.174.2
01:09:36 Port scan 91.198.174.2 TCP (14238,
14000, 13995, 13992, 13988, 14211)
12/12/2007 22:42:34 Port scan 91.198.174.2 TCP
(9711, 9710, 9708, 9707, 9705, 9694)
12/12/2007 22:31:28 Port scan 91.198.174.2 TCP
(9464, 9463, 9460, 9457, 9456, 9461)
12/12/2007 22:16:30 Port scan 91.198.174.2 TCP
(8975, 8974, 8973, 8972, 8968, 8963)
12/12/2007 22:16:30 Rst attack 91.198.174.2 ->
91.198.174.2
12/12/2007 17:55:41 Port scan 91.198.174.2 TCP
(1406, 1405, 1404, 1402, 1401, 1399)
12/12/2007 16:04:04 Port scan 91.198.174.2 TCP
(5321, 5320, 5319, 5318, 5312, 5311)
12/12/2007 14:40:06 Port scan 91.198.174.2 TCP
(2499, 2498, 2497, 2496, 2493, 2487)
More information about the foundation-l
mailing list