Security Incidents mailing list archives

large number of probes from 210.97.123.3


From: kj () INDIFFERENCE ORG (kj)
Date: Sun, 30 Apr 2000 23:20:43 -0700


On Sun, Apr 30, 2000 at 11:52:30AM +0100, Jonathan wrote:
> This morning I'm seeing a large number of SYN probes from
> 210.97.123.3. They all seem to be directed at port 109 (pop2).
> They also run up our IP range so I think they're searching our
> subnet for something.....
>
> Apr 30 06:30:55 dog snort[11541]: SYN FIN Scan: 210.97.123.3:0 ->
> 194.205.???.120:109
> Apr 30 06:42:40 dog snort[11541]: SYN FIN Scan: 210.97.123.3:0 ->

This scan might be trying to get past your firewall. I don't
think having the "syn" and "fin" bit set is normal. Also, the
destination port of "0" is a bit weird.

K.J.

--

"Never argue with an idiot. He will take you down to his level, and
beat you with experience."
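
The two traits discussed in this message, SYN and FIN set together and a port of 0, can be checked directly on raw packet headers. The following is an added example, not code from the original thread or from snort; the function names and the sample packets (built with documentation addresses) are constructed for illustration.

```python
import socket
import struct

FIN, SYN, ACK = 0x01, 0x02, 0x10

def build_packet(src, dst, sport, dport, flags):
    """Build a constructed IPv4+TCP header pair (checksums left at 0) as sample input."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 1024, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return ip + tcp

def inspect(packet):
    """Return a list of anomaly strings for one raw IPv4 packet (empty if none)."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return ["not a parsable IPv4 packet"]
    ihl = (packet[0] & 0x0F) * 4          # IP header length in bytes
    if ihl < 20:
        return ["invalid IP header length"]
    if packet[9] != 6 or len(packet) < ihl + 14:
        return []                          # not TCP, or cut off before the flags byte
    sport, dport = struct.unpack_from("!HH", packet, ihl)
    flags = packet[ihl + 13]
    findings = []
    # No legitimate TCP state sets SYN (open) and FIN (close) in the same segment.
    if flags & SYN and flags & FIN:
        findings.append("SYN and FIN both set")
    # Port 0 is reserved and is not assigned by normal stacks as an ephemeral port.
    if sport == 0:
        findings.append("source port 0")
    if dport == 0:
        findings.append("destination port 0")
    return findings

if __name__ == "__main__":
    samples = {
        "syn-fin probe": build_packet("192.0.2.10", "198.51.100.20", 0, 109, SYN | FIN),
        "normal syn":    build_packet("192.0.2.10", "198.51.100.20", 40000, 109, SYN),
        "normal close":  build_packet("192.0.2.10", "198.51.100.20", 40000, 109, FIN | ACK),
    }
    for name, pkt in samples.items():
        print(f"{name}: {inspect(pkt) or 'clean'}")
```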


