[Dshield] Noise or a methodical approach?

Chris Brenton cbrenton at chrisbrenton.org
Sat Jan 17 02:13:39 GMT 2004

On Fri, 2004-01-16 at 10:37, Glenn Jarvis wrote:
> Forgive the length.... I noticed this in my logs this morning while I 
> was going through them. Two sources, mostly from
> This just noise?
>   Drop TCP packet from WAN src: dst: 
> Rule: Default deny
> Jan/15/2004 17:25:46

Humm. Could be a timed-out HTTP session. does have 80/TCP
listening (Apache). Do your logs show any outbound HTTP sessions to this

What's weird is there is no PTR record and the host has a self-issued
digital certificate. Nothing evil about this, just odd.

Owner is "Everyones Internet" in Houston, TX so it seems like it might
be someone's Web server hanging off a DSL line. That would explain there
being no PTR and even possibly the self-issued certificate.

