Security Incidents mailing list archives
Re: update on scans of tcp 12345 AUSCERT#36349
From: luke.dudney () WN COM AU (Luke Dudney)
Date: Sat, 10 Jun 2000 16:24:30 +0800
I'm seeing many many full class-C scans from these (210.0.0.0) IPs to multiple networks... our 203.x networks seem predominantly targeted; I'm yet to see any on our new 202.x APNIC block.

%SEC-6-IPACCESSLOGP: list 102 denied tcp 211.53.142.106(2597) -> 203.34.x.y(12345), 1 packet
%SEC-6-IPACCESSLOGP: list 102 denied tcp 211.53.142.106(2598) -> 203.34.x.y+1(12345), 1 packet
%SEC-6-IPACCESSLOGP: list 102 denied tcp 211.53.142.106(2599) -> 203.34.x.y+2(12345), 1 packet
%SEC-6-IPACCESSLOGP: list 102 denied tcp 211.53.142.106(2600) -> 203.34.x.y+3(12345), 1 packet
%SEC-6-IPACCESSLOGP: list 100 denied tcp 210.218.142.175(3512) -> 203.23.n.o(12345), 1 packet
%SEC-6-IPACCESSLOGP: list 100 denied tcp 210.218.142.175(3513) -> 203.23.n.o+1(12345), 1 packet
%SEC-6-IPACCESSLOGP: list 100 denied tcp 210.218.142.175(3514) -> 203.23.n.o+2(12345), 1 packet
%SEC-6-IPACCESSLOGP: list 100 denied tcp 210.218.142.175(3515) -> 203.23.n.o+3(12345), 1 packet

also netbios..

%SEC-6-IPACCESSLOGP: list optus-int-list-in denied udp 209.216.91.36(137) -> 203.23.a.b(137), 2 packets
%SEC-6-IPACCESSLOGP: list optus-int-list-in denied udp 209.216.91.36(137) -> 203.23.a.b+1(137), 2 packets
%SEC-6-IPACCESSLOGP: list optus-int-list-in denied udp 209.216.91.36(137) -> 203.23.a.b+2(137), 2 packets
%SEC-6-IPACCESSLOGP: list optus-int-list-in denied udp 209.216.91.36(137) -> 203.23.a.b+3(137), 2 packets

and so on

Cheers
__________________________________________________
Luke Dudney
Systems Administration
WestNet - WA's Statewide Internet Provider
Phone: 9218 2600 - Fax: 9218 2666
http://www.wn.com.au
__________________________________________________

-----Original Message-----
From: Bryan Scaringe [mailto:bscaring () MARMAIL ED RAY COM]
Sent: Friday, June 09, 2000 4:09 AM
To: INCIDENTS () SECURITYFOCUS COM
Subject: Re: update on scans of tcp 12345 AUSCERT#36349

ditto, I forget the IP address, but I have seen a few of those in my logs lately. I just add the offending IPs to my blocked list and carry on.

Is there any reason for me to be particularly concerned with these probes?

Bryan
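Added example, not part of the original message or of either poster's tooling: a short Python pass over router ACL denials in the %SEC-6-IPACCESSLOGP format quoted above, grouping them by source, protocol and destination port to flag a sweep across one /24. The addresses, ACL names, the `find_sweeps` helper and the `min_hosts` threshold are all constructed for illustration.

```python
import re
from collections import defaultdict

# Matches Cisco ACL denial lines in the format quoted in the message.
LINE_RE = re.compile(
    r"%SEC-6-IPACCESSLOGP: list (?P<acl>\S+) denied (?P<proto>tcp|udp) "
    r"(?P<src>\d+\.\d+\.\d+\.\d+)\((?P<sport>\d+)\) -> "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\((?P<dport>\d+)\), (?P<count>\d+) packets?"
)

def find_sweeps(lines, min_hosts=4):
    """Return {(src, proto, dport, dst /24): sorted host octets} for sweeps.

    A sweep here means one source denied on the same destination port
    against at least min_hosts distinct addresses inside a single /24.
    min_hosts is a hypothetical threshold; tune it to your own traffic.
    """
    seen = defaultdict(set)
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue  # not an ACL denial in this format; skip it
        net, host = m["dst"].rsplit(".", 1)
        key = (m["src"], m["proto"], int(m["dport"]), net + ".0/24")
        seen[key].add(int(host))
    return {k: sorted(v) for k, v in seen.items() if len(v) >= min_hosts}

# Constructed sample log using documentation address ranges (RFC 5737).
SAMPLE = (
    [f"%SEC-6-IPACCESSLOGP: list 102 denied tcp 198.51.100.7({2597 + i}) "
     f"-> 192.0.2.{10 + i}(12345), 1 packet" for i in range(4)]
    + [f"%SEC-6-IPACCESSLOGP: list edge-in denied udp 203.0.113.9(137) "
       f"-> 192.0.2.{40 + i}(137), 2 packets" for i in range(4)]
    + ["%SEC-6-IPACCESSLOGP: list 102 denied tcp 198.51.100.99(4000) "
       "-> 192.0.2.80(80), 1 packet",          # single denial, not a sweep
       "%LINK-3-UPDOWN: Interface Serial0, changed state to up"]
)

if __name__ == "__main__":
    for (src, proto, dport, net), hosts in find_sweeps(SAMPLE).items():
        print(f"{src} swept {net} on {proto}/{dport}: hosts {hosts}")
```

Grouping by source and port rather than by individual denial keeps a lone blocked connection from being reported alongside a sequential sweep.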