Security Incidents mailing list archives

Strange scan/connection request

From: "Los, Ralph" <rlos () ENVESTNET COM>
Date: Wed, 13 Dec 2000 11:14:06 -0600

List:

        As of yesterday, we've been getting the following messages on the
firewall (minimal logging, unfortunately).

Source:128.a.b.c, 50830-        Destination:my.main.fw.ip, 33473

Source:128.a.b.c, 50830-        Destination:my.main.fw.ip, 33478


        It would seem the source port is always the same, and the
destination is always in the same range.  I wish I had some packet-capture
capability, but I regret I do not, yet, as I am just setting this network up
for security.

Can someone maybe help identify this?

Ralph M. Los
Sr. Internet Systems & Security Admin.    (312) 827-3945 (direct)
EnvestNet Advisory Corp.                          (312) 296-9003 (wireless)

rlos () envestnet com

Current thread:

Strange scan/connection request Los, Ralph (Dec 14)
- <Possible follow-ups>
- Re: Strange scan/connection request Luke Dudney (Dec 15)