Security Incidents mailing list archives
Re: scan on TCP/21536
From: Jean-Francois Zwobada <zwobada () FLUXUS NET>
Date: Tue, 26 Dec 2000 19:03:08 +0100
Hello all, we've seen that quite a lot these days. it seems to be related to some malfunctionning network device. I'm in touch with a network admin working for a french ISP and they were looking at some devices (Proxies & other Network Access servers). If you concatenate the source and dest ports and convert to ASCII you'll obtain a "GET " or other things with SSL connections. As if the TCP headers was overwritten with the data by some caching device or anything like this. Cheers JF At 11:36 23/12/00 -0800, Rude Yak wrote:
Someone posted about scans from TCP 18245 to TCP 21536 recently, and received replies that the scan was an unidentified tool, with the source mostly coming from Poland. I've been seeing a rash of these scans lately, except they are accompanied simultaneously with scans for Firewall-1 services (TCP 256, 259) and coming from a US-based ISP. Thought I'd add a bit of fuel to the fire... __________________________________________________ Do You Yahoo!? Yahoo! Shopping - Thousands of Stores. Millions of Products. http://shopping.yahoo.com/
Jean-Francois Zwobada Cellule Securite - Fluxus Phone : +33.1.70.95.10.10 - Fax : +33.1.70.95.10.00 37, rue du Colonel Pierre Avia - 75015 PARIS
Current thread:
- Re: scan on TCP/21536 Rude Yak (Dec 23)
- Re: scan on TCP/21536 Grzegorz Janoszka (Dec 26)
- Re: scan on TCP/21536 Jean-Francois Zwobada (Dec 26)