Firewall Wizards mailing list archives

Previous By Date Next
Previous By Thread Next

Re: port scanning activity going up recently?

From: Nate Itkin <fw-wizards () konadogs net>
Date: Sun, 15 Nov 2009 12:11:35 -1000

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Overall illicit activity looks to be down slightly.
see: http://www.dshield.org/submissions.html  (select sources, targets, 
and reports for 2009)

Cheers,
Nate Itkin

On Fri, Nov 13, 2009 at 12:16:21PM -0500, Ken Fox wrote:

Hi all -
Has anyone else noticed a recent spike in port scan activity over the last
few days?
I've been seeing some interesting traffic where multiple source addresses
are probing a number of the same high order destination ports from a small
set of source ports with a number of different but specific packet sizes.
e.g.: source port 3268 -> dest port 50572 packet size 48, 60, 64, and 52
egg: source port 3268 -> dest port 50592 packet size 48, 60, 64, and 52
Is there some botnet out there that I haven't heard about?
thanks -- ken



-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iQEVAwUBSwB6mjCWEYiadXeZAQiI/Qf/YcDpdRG9QKfHxrQV7nKrLx9DUUuKhEA6
mHLrtmmTQwtbJARIlErtdgal9EuJxGFnrAAKWYaPjaIUDj/21AZ03x06pRX6tKWD
LNLm0jOPZZBom4rnMyssDQ96tqN/9pnrLHEd8wr6D3DzgT0X33KifDKEkhgv40l8
Q4jhvJBGrgZcqPPCH7MMGhLX7qVYNWLDAyIf11uROlb8FRiRlW7Qholn4Baor40/
tEB6SuuFh7SoH76My2rCv94Co62Q7NqT9tMZrBf8jzeeG/SveUv6ymhORX75XLZi
KEXPTjj0G+1tiQYdkXLBIK75xta9V0fdc9UEf8OCMJHO3/bvMbfK0g==
=u9Ix
-----END PGP SIGNATURE-----
_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
Previous By Date Next
Previous By Thread Next

Current thread: