Security Incidents mailing list archives
Re: Unknown traffic
From: osvaldojaneri () UOL COM BR (Osvaldo Janeri Filho)
Date: Tue, 27 Jun 2000 21:12:14 -0300
Perhaps this 'system' is probing entire Class C random ips looking for a new backdoor or DDoS tool a la mstream. They are getting common now. On Tue, 27 Jun 2000, Paul Hancock wrote:
There is a system that is trying to connect to udp ports 55559, 43768, and 54253 on a number of my systems. It tries those ports on a given machine, and then moves on to a seemingly random machine from within my network. Any idea what is running, or what it is trying to connect to? [IPs changed] Jun 27 02:10:26 ppl 74081: %SEC-6-IPACCESSLOGP: list PPL-COPATM-in denied udp 8.1.218.40(2753) -> 207.137.123.164(55559), 1 packet Jun 27 02:10:27 ppl 74082: %SEC-6-IPACCESSLOGP: list PPL-COPATM-in denied udp 8.1.218.40(2754) -> 207.137.123.164(43768), 1 packet Jun 27 02:10:28 ppl 74083: %SEC-6-IPACCESSLOGP: list PPL-COPATM-in denied udp 8.1.218.40(2755) -> 207.137.123.164(54253), 1 packet -- Paul (phancock () lib ci phoenix az us)
-- Osvaldo Janeri Filho Consultor em Informatica E-Security, E-Commerce, E-solutions Fortaleza,CE - Brasil *************************************************************************** Email : osvaldojaneri () uol com br Tel: +55 (0xx85) 9181-8528 GnuPG KEY http://pgp5.ai.mit.edu:11371/pks/lookup?op=get&search=0xE88C7991 ***************************************************************************
Current thread:
- Unknown traffic Paul Hancock (Jun 27)
- Re: Unknown traffic Joe McAlerney (Jun 27)
- Re: Unknown traffic Osvaldo Janeri Filho (Jun 27)
- Re: Unknown traffic desmond irvine (Jun 28)