Security Incidents mailing list archives

Re: Unknown traffic


From: osvaldojaneri () UOL COM BR (Osvaldo Janeri Filho)
Date: Tue, 27 Jun 2000 21:12:14 -0300


Perhaps this 'system' is probing entire Class C random IPs looking for a
new backdoor or DDoS tool a la mstream. They are getting common now.

On Tue, 27 Jun 2000, Paul Hancock wrote:

There is a system that is trying to connect to udp ports 55559, 43768, and
54253 on a number of my systems.  It tries those ports on a given machine,
and then moves on to a seemingly random machine from within my network.
Any idea what is running, or what it is trying to connect to?

[IPs changed]

Jun 27 02:10:26 ppl 74081: %SEC-6-IPACCESSLOGP: list PPL-COPATM-in denied
udp 8.1.218.40(2753) -> 207.137.123.164(55559), 1 packet
Jun 27 02:10:27 ppl 74082: %SEC-6-IPACCESSLOGP: list PPL-COPATM-in denied
udp 8.1.218.40(2754) -> 207.137.123.164(43768), 1 packet
Jun 27 02:10:28 ppl 74083: %SEC-6-IPACCESSLOGP: list PPL-COPATM-in denied
udp 8.1.218.40(2755) -> 207.137.123.164(54253), 1 packet


              -- Paul (phancock () lib ci phoenix az us)


--

 Osvaldo Janeri Filho
 IT Consultant
 E-Security, E-Commerce, E-solutions
 Fortaleza,CE - Brasil

 ***************************************************************************
 Email : osvaldojaneri () uol com br
 Tel: +55 (0xx85) 9181-8528
 GnuPG KEY http://pgp5.ai.mit.edu:11371/pks/lookup?op=get&search=0xE88C7991
 ***************************************************************************
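
Added example, not part of either message in this thread: a short Python script that parses the %SEC-6-IPACCESSLOGP lines quoted above and reports any source that was denied on the same set of destination ports on more than one host, which is the pattern Paul describes. The log lines for a second host and for an unrelated source are constructed for illustration, and the function names and thresholds are assumptions.

```python
import re
from collections import defaultdict

# Cisco IOS extended-ACL log message in the form shown in the post. \s+ after
# the action lets the pattern match lines that mail wrapping split in two.
ACL_RE = re.compile(
    r"%SEC-6-IPACCESSLOGP: list (?P<acl>\S+) (?P<action>denied|permitted)\s+"
    r"(?P<proto>\w+) (?P<src>[\d.]+)\((?P<sport>\d+)\) -> "
    r"(?P<dst>[\d.]+)\((?P<dport>\d+)\), (?P<count>\d+) packets?"
)

# First six lines: the three mail-wrapped messages from the post.
# Remaining lines: CONSTRUCTED sample data (second target host, unrelated source).
SAMPLE_LOG = """\
Jun 27 02:10:26 ppl 74081: %SEC-6-IPACCESSLOGP: list PPL-COPATM-in denied
udp 8.1.218.40(2753) -> 207.137.123.164(55559), 1 packet
Jun 27 02:10:27 ppl 74082: %SEC-6-IPACCESSLOGP: list PPL-COPATM-in denied
udp 8.1.218.40(2754) -> 207.137.123.164(43768), 1 packet
Jun 27 02:10:28 ppl 74083: %SEC-6-IPACCESSLOGP: list PPL-COPATM-in denied
udp 8.1.218.40(2755) -> 207.137.123.164(54253), 1 packet
Jun 27 02:10:31 ppl 74084: %SEC-6-IPACCESSLOGP: list PPL-COPATM-in denied udp 8.1.218.40(2756) -> 207.137.123.17(55559), 1 packet
Jun 27 02:10:32 ppl 74085: %SEC-6-IPACCESSLOGP: list PPL-COPATM-in denied udp 8.1.218.40(2757) -> 207.137.123.17(43768), 1 packet
Jun 27 02:10:33 ppl 74086: %SEC-6-IPACCESSLOGP: list PPL-COPATM-in denied udp 8.1.218.40(2758) -> 207.137.123.17(54253), 1 packet
Jun 27 02:11:02 ppl 74087: %SEC-6-IPACCESSLOGP: list PPL-COPATM-in denied tcp 192.0.2.77(1045) -> 207.137.123.164(23), 1 packet
"""

def parse(text):
    """Return one dict of fields per ACL log message found in text."""
    return [m.groupdict() for m in ACL_RE.finditer(text)]

def port_sweeps(events, min_hosts=2, min_ports=2):
    """Map (src, proto, port-set) -> hosts, for port sets repeated across hosts."""
    per_target = defaultdict(set)      # (src, proto, dst) -> destination ports
    for e in events:
        if e["action"] == "denied":
            per_target[(e["src"], e["proto"], e["dst"])].add(int(e["dport"]))
    by_signature = defaultdict(set)    # (src, proto, sorted ports) -> hosts
    for (src, proto, dst), ports in per_target.items():
        if len(ports) >= min_ports:
            by_signature[(src, proto, tuple(sorted(ports)))].add(dst)
    return {k: sorted(v) for k, v in by_signature.items() if len(v) >= min_hosts}

if __name__ == "__main__":
    for (src, proto, ports), hosts in port_sweeps(parse(SAMPLE_LOG)).items():
        print(f"{src} {proto} ports {ports} -> {len(hosts)} hosts: {', '.join(hosts)}")
```

Grouping by the exact port set rather than by packet count keeps a one-off denied connection, like the constructed telnet line, out of the report.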


