Security Incidents mailing list archives
Slow scan
From: mixmaster () REMAIL OBSCURA COM (Mixmaster)
Date: Wed, 19 Jan 2000 18:04:16 -0800
Here's an interesting one: a *very* slow scan of my class C from phoenix.mwinet.com, a RedHat name server. ADMROCKS strikes again? I've already emailed the contacts. I'd guess the scan is still underway, but it's so slow I'll have to wait and see. Jan 18 18:37:54 denied tcp 209.80.56.16(53) -> <mynet>.1(111), 1 packet Jan 18 22:35:32 denied tcp 209.80.56.16(53) -> <mynet>.2(111), 1 packet Jan 19 02:59:26 denied tcp 209.80.56.16(53) -> <mynet>.3(111), 1 packet Jan 19 07:23:17 denied tcp 209.80.56.16(53) -> <mynet>.4(111), 1 packet
Current thread:
- Unusual scan pattern Russell Fulton (Jan 18)
- ANOTHER DNS MAC ADDRESS Change w/h Unix Log File Michael Vaughan (Jan 19)
- Re: ANOTHER DNS MAC ADDRESS Change w/h Unix Log File Cy Schubert - ITSD Open Systems Group (Jan 21)
- Re: ANOTHER DNS MAC ADDRESS Change w/h Unix Log File Ex Machina [xm] (Jan 21)
- Re: ANOTHER DNS MAC ADDRESS Change w/h Unix Log File CyberPsychotic (Jan 21)
- Re: ANOTHER DNS MAC ADDRESS Change w/h Unix Log File Dug Song (Jan 22)
- Re: Unusual scan pattern Granquist, Lamont (Jan 19)
- Slow scan Mixmaster (Jan 19)
- Re: Unusual scan pattern Richard Bejtlich (Jan 20)
- Re: Unusual scan pattern Kevin Houle (Jan 20)
- Re: Unusual scan pattern Russell Fulton (Jan 23)
- semi careful, very patient attacker Jon Paul, Nollmann (Jan 24)
- <Possible follow-ups>
- Re: Unusual scan pattern Oliver Friedrichs (Jan 19)
- Unknown Port Numbers Edwin Covert (Jan 21)
- ANOTHER DNS MAC ADDRESS Change w/h Unix Log File Michael Vaughan (Jan 19)