Security Incidents mailing list archives

Assistance regarding network scans

From: Steve Lum <steve () us-netreality com>
Date: Mon, 7 Aug 2000 09:17:52 -0700

hello all,

        For the last couple of days, a specific host (63.194.140.131) has been
scanning my IP addresses on my network. They seem to be trying to connect to
port 162. The computers they are trying to connect to seem to be focused on
two computers. One NT Server and a Solaris workstation. I've attached a
small part of my log file to the bottom so you can see more clearly whats
going on. The remote host is gw-sjo1.sc.philips.com
Has anyone seen this sort of behavior before? And i'm not sure what is the
next action to take regarding this situation.

08-06-2000      23:24:50        list 120 denied udp 63.194.140.131(691) ->
207.217.9.x(162), 1 packet
08-06-2000      23:25:51        list 120 denied udp 63.194.140.131(705) ->
207.217.9.x(162), 1 packet
08-06-2000      23:26:51        list 120 denied udp 63.194.140.131(717) ->
207.217.9.y(162), 1 packet
08-06-2000      23:27:52        list 120 denied udp 63.194.140.131(727) ->
207.217.9.x(162), 1 packet
08-06-2000      23:28:53        list 120 denied udp 63.194.140.131(739) ->
207.217.9.x(162), 1 packet
08-06-2000      23:29:54        list 120 denied udp 63.194.140.131(750) ->
207.217.9.x(162), 1 packet
08-06-2000      23:30:55        list 120 denied udp 63.194.140.131(761) ->
207.217.9.x(162), 1 packet
08-06-2000      23:31:55        list 120 denied udp 63.194.140.131(770) ->
207.217.9.x(162), 1 packet
08-06-2000      23:32:56        list 120 denied udp 63.194.140.131(786) ->
207.217.9.x(162), 1 packet
08-06-2000      23:33:57        list 120 denied udp 63.194.140.131(795) ->
207.217.9.x(162), 1 packet
08-06-2000      23:34:58        list 120 denied udp 63.194.140.131(806) ->
207.217.9.x(162), 1 packet
08-06-2000      23:35:58        list 120 denied udp 63.194.140.131(820) ->
207.217.9.x(162), 1 packet
08-06-2000      23:36:59        list 120 denied udp 63.194.140.131(834) ->
207.217.9.x(162), 1 packet
08-06-2000      23:38:00        list 120 denied udp 63.194.140.131(843) ->
207.217.9.x(162), 1 packet
08-06-2000      23:39:00        list 120 denied udp 63.194.140.131(854) ->
207.217.9.x(162), 1 packet
08-06-2000      23:40:01        list 120 denied udp 63.194.140.131(866) ->
207.217.9.x(162), 1 packet
08-06-2000      23:41:02        list 120 denied udp 63.194.140.131(880) ->
207.217.9.x(162), 1 packet
08-06-2000      23:42:03        list 120 denied udp 63.194.140.131(889) ->
207.217.9.x(162), 1 packet
08-06-2000      23:43:04        list 120 denied udp 63.194.140.131(898) ->
207.217.9.x(162), 1 packet



any help is greatly appreciated,


steve

Current thread:

Assistance regarding network scans Steve Lum (Aug 07)
- Re: Assistance regarding network scans Bill Pennington (Aug 08)
- <Possible follow-ups>
- Re: Assistance regarding network scans Forrester, Mike (Aug 08)