
I've just received an email from my hosting company:

" Hello from AT&T Hosting and Applications Services. I am a Security Engineer here trying to track down a security incident that appears to have originated from your network on May 03, 2011. Please investigate a TCP sweep of port 3072 from the IP xx.xx.xxx.xx and inform me of the results (account cancelled, user warned, etc). I will require this information in order to close the ticket on this activity. I have attached a portion of the log details as evidence. All times are EDT (GMT -4).

(NOTE: This is an automated email response to the incoming scan/attack.)

18:53:39 xx.xx.xxx.xx 0.0.0.0 [TCP-SWEEP] (total=19,dp=3072,min=213.244.176.12,max=212.1.188.120,May03-17:34:49,May03-17:43:38) (USI-amsxaid01)

18:53:39 xx.xx.xxx.xx 0.0.0.0 [TCP-SWEEP] (total=23,dp=1024,min=212.1.191.8,max=212.1.187.114,May03-17:35:14,May03-17:43:40) (USI-amsxaid01) "

I replaced the IP with "x".

1 Answer

This is them informing you that the IP address listed in the notice was discovered to be performing port-scanning on port TCP/3072. Once you have identified what is responsible for this suspicious behavior, please notify them so they can close their security ticket.

sysadmin1138
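To identify what was responsible, the notice's log entries can be turned into a UTC time window and port list to search for in your own firewall or flow logs. The following is an added example, not part of the original question or answer; the meanings of `total`, `dp` and the two timestamps are assumptions inferred from the notice, and the year 2011 is taken from its text.

```python
import re
from datetime import datetime, timedelta, timezone

EDT = timezone(timedelta(hours=-4))  # the notice states "All times are EDT (GMT -4)"

# The two entries as pasted in the question (run together, source IP redacted by the poster).
NOTICE = (
    "18:53:39 xx.xx.xxx.xx 0.0.0.0 [TCP-SWEEP] (total=19,dp=3072,min=213.244.176.12,"
    "max=212.1.188.120,May03-17:34:49,May03- 17:43:38) (USI-amsxaid01) "
    "18:53:39 xx.xx.xxx.xx 0.0.0.0 [TCP-SWEEP] (total=23,dp=1024,min=212.1.191.8,"
    "max=212.1.187.114,May03-17:35:14,May03-17: 43:40) (USI-amsxaid01)"
)

ENTRY = re.compile(
    r"(?P<logged>\d\d:\d\d:\d\d)\s+(?P<src>\S+)\s+\S+\s+\[TCP-SWEEP\]\s+"
    r"\(total=(?P<total>\d+),dp=(?P<dp>\d+),min=(?P<lo>[\d.]+),max=(?P<hi>[\d.]+),"
    r"(?P<first>[^,)]+),(?P<last>[^,)]+)\)\s+\((?P<sensor>[^)]+)\)"
)

def to_utc(stamp, year=2011):
    """Convert 'May03-17:34:49' (EDT) to an aware UTC datetime; year is from the notice."""
    clean = re.sub(r"\s+", "", stamp)  # mail wrapping left stray spaces inside some stamps
    local = datetime.strptime(f"{year}{clean}", "%Y%b%d-%H:%M:%S").replace(tzinfo=EDT)
    return local.astimezone(timezone.utc)

def parse_notice(text):
    """Return one dict per [TCP-SWEEP] entry; field meanings are assumed, not documented."""
    return [
        {
            "src": m["src"], "sensor": m["sensor"],
            "total": int(m["total"]),   # assumed: number of destinations probed
            "dp": int(m["dp"]),         # assumed: destination port
            "first": to_utc(m["first"]), "last": to_utc(m["last"]),  # assumed: first/last seen
        }
        for m in ENTRY.finditer(text)
    ]

def search_window(entries, pad_minutes=5):
    """UTC window and destination ports to look for in your own firewall or flow logs."""
    pad = timedelta(minutes=pad_minutes)
    start = min(e["first"] for e in entries) - pad
    end = max(e["last"] for e in entries) + pad
    return start, end, sorted({e["dp"] for e in entries})

if __name__ == "__main__":
    start, end, ports = search_window(parse_notice(NOTICE))
    print(f"look for outbound TCP SYNs to ports {ports} between {start} and {end}")
```

Matching outbound connections from the reported IP in that window point to the host and process to investigate before replying to the ticket.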