Security Incidents mailing list archives
Re: scans on ports 3072 and 1024, why?
From: Sean Brown <srbrown () APPGEO COM>
Date: Fri, 29 Dec 2000 11:03:26 -0500
I thought this was probably the case. In capturing the traffic to<->from dalnet.away.net, there was nothing originating from my net. It seemed reasonable that someone was using mine and others networks as spoofed source addresses to which dalnet.away.net was responding with RST's. Nice to have confirmation (and correlation). Sean "Christopher L. Morrow" wrote:
Sean, These hosts (dalnet.away.net and atleast one other dalnet server) were being heavily ack flooded until about 9am yesterday... the 'scans' you were seeing were RESET's from the IRC servers... :) It also confused me as I thought I was seeing some new network mapping system in action. --Chris
<--snip--> -- ~~~~~~~~~~~~~~~ Sean R. Brown - srbrown () appgeo com System Administrator Applied Geographics, Inc. Boston, MA
Current thread:
- scans on ports 3072 and 1024, why? Conor McGrath (Dec 28)
- Re: scans on ports 3072 and 1024, why? Sean Brown (Dec 29)
- Re: scans on ports 3072 and 1024, why? Ryan W. Maple (Dec 30)
- Re: scans on ports 3072 and 1024, why? Ulrich Eckhardt (Dec 29)
- <Possible follow-ups>
- Re: scans on ports 3072 and 1024, why? Bill Royds (Dec 28)
- Re: scans on ports 3072 and 1024, why? Conor McGrath (Dec 28)
- Re: scans on ports 3072 and 1024, why? Aaron Schultz (Dec 29)
- Re: scans on ports 3072 and 1024, why? Aaron Schultz (Dec 30)
- Re: scans on ports 3072 and 1024, why? Jonas Luster (Dec 30)
- Re: scans on ports 3072 and 1024, why? Conor McGrath (Dec 28)
- Re: scans on ports 3072 and 1024, why? Sean Brown (Dec 29)