Security Incidents mailing list archives
Re: update on scans of tcp 12345 AUSCERT#36349
From: sterwill () SOURCEGEAR COM (Shaw Terwilliger)
Date: Thu, 8 Jun 2000 11:09:31 -0500
Russell Fulton wrote:
Oh, yes. Source addresses seem to be mostly dialup or cable/dsl addresses and are spread around the world. APNIC addresses (210.0.0.0/7) are overrepresented -- between a third and a half. Those that I looked up were predominantly Korean with a few in Japan. There are quite a lot from home.com, sympatico.ca, videotron.net, da.uu.net (cable providers?), and a smattering from around the rest of the world including Europe.
I have a single static IP dialup, and two days ago I received a similar scan on 12345, so it's not just you. It appears to be from a cable provider (excite@home).

Jun 6 20:20:11 port 12345 connection attempt from cr458475-a.lndn1.on.wave.home.com [24.112.54.236]

--
Shaw Terwilliger <sterwill () sourcegear com>
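The tally described in the quoted message (share of scan sources inside 210.0.0.0/7, counts per provider domain) can be reproduced from log lines in the format shown in the reply. This is an added example, not part of either message: only the first sample line comes from the post, the rest are constructed, and the function names are hypothetical.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample log; only the first line is quoted from the message above.
SAMPLE_LOG = """\
Jun 6 20:20:11 port 12345 connection attempt from cr458475-a.lndn1.on.wave.home.com [24.112.54.236]
Jun 6 20:31:02 port 12345 connection attempt from dial-17.example.net [210.0.2.17]
Jun 6 21:05:40 port 12345 connection attempt from dial-17.example.net [210.0.2.17]
Jun 6 22:14:09 port 12345 connection attempt from cable-9.example.org [211.0.2.9]
Jun 7 01:47:33 port 80 connection attempt from web.example.com [192.0.2.80]
Jun 7 03:12:58 port 12345 connection attempt from ppp3.example.net [198.51.100.3]
Jun 7 03:13:00 this line is not a connection record
"""

LINE_RE = re.compile(
    r"port (?P<port>\d+) connection attempt from (?P<host>\S+) \[(?P<ip>[\d.]+)\]"
)
APNIC_BLOCK = ipaddress.ip_network("210.0.0.0/7")  # range named in the thread


def scan_sources(lines, port=12345):
    """Return {ip: hostname} for the unique sources that probed `port`."""
    sources = {}
    for line in lines:
        m = LINE_RE.search(line)
        if not m or int(m["port"]) != port:
            continue  # unrelated record or a different port
        try:
            ip = ipaddress.ip_address(m["ip"])
        except ValueError:
            continue  # malformed address in the log
        sources.setdefault(ip, m["host"].lower())  # count repeat scanners once
    return sources


def summarize(lines, port=12345):
    """Return (unique sources, fraction inside 210.0.0.0/7, Counter by domain)."""
    sources = scan_sources(lines, port)
    in_block = sum(1 for ip in sources if ip in APNIC_BLOCK)
    share = in_block / len(sources) if sources else 0.0
    # Simplification: the last two DNS labels stand in for the provider,
    # which is wrong for names such as host.co.kr.
    providers = Counter(".".join(h.split(".")[-2:]) for h in sources.values())
    return len(sources), share, providers


if __name__ == "__main__":
    total, share, providers = summarize(SAMPLE_LOG.splitlines())
    print(f"{total} sources, {share:.0%} in {APNIC_BLOCK}: {providers.most_common()}")
```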