Security Incidents mailing list archives
Scan of on port 5232
From: Rob Lindenbusch <lfcrob () AI ORG>
Date: Wed, 9 Aug 2000 09:53:24 -0500
We were on the receiving end of a scan on port 5232 the other night. I have been unable to figure out what they might be looking for... Aug 8 21:18:59 204.97.241.16:1323 -> a.b.c.1:5232 SYN **S***** Aug 8 21:18:59 204.97.241.16:1325 -> a.b.c.3:5232 SYN **S***** Aug 8 21:18:59 204.97.241.16:1347 -> a.b.c.25:5232 SYN **S***** Aug 8 21:18:59 204.97.241.16:1352 -> a.b.c.30:5232 SYN **S***** Aug 8 21:18:59 204.97.241.16:1356 -> a.b.c.34:5232 SYN **S***** Aug 8 21:18:59 204.97.241.16:1358 -> a.b.c.36:5232 SYN **S***** Aug 8 21:18:59 204.97.241.16:1361 -> a.b.c.39:5232 SYN **S***** Aug 8 21:18:59 204.97.241.16:1362 -> a.b.c.40:5232 SYN **S***** Aug 8 21:18:59 204.97.241.16:1363 -> a.b.c.41:5232 SYN **S***** Aug 8 21:18:59 204.97.241.16:1364 -> a.b.c.42:5232 SYN **S***** The only thing I have really found is a mention of a similar scan on the SANS site: http://www.sans.org/y2k/041200.htm (relevant excerpt) Apr 9 01:31:16 163.152.41.8:16628 -> a.b.d.52:5232 SYN **S***** Apr 9 01:31:17 163.152.41.8:16883 -> a.b.e.52:5232 SYN **S***** Apr 9 01:31:17 163.152.41.8:16889 -> a.b.e.58:5232 SYN **S***** Apr 9 01:31:17 163.152.41.8:16892 -> a.b.e.61:5232 SYN **S***** Apr 9 01:31:17 163.152.41.8:16894 -> a.b.e.63:5232 SYN **S***** Any ideas? My only guess is that they meant to hit 5232 and got confused.. Thanks, Rob
Current thread:
- Scan of on port 5232 Rob Lindenbusch (Aug 09)
- Re: Scan of on port 5232 Ryan Pendergraff (Aug 10)