Security Incidents mailing list archives
large number of probes from 210.97.123.3
From: kj () INDIFFERENCE ORG (kj)
Date: Sun, 30 Apr 2000 23:20:43 -0700
On Sun, Apr 30, 2000 at 11:52:30AM +0100, Jonathan wrote:
This morning I'm seeing a large number of SYN probes from 210.97.123.3. They all seem to be directed at port 109 (pop2). They also run up our IP range so I think they're searching our subnet for something..... Apr 30 06:30:55 dog snort[11541]: SYN FIN Scan: 210.97.123.3:0 -> 194.205.???.120:109 Apr 30 06:42:40 dog snort[11541]: SYN FIN Scan: 210.97.123.3:0 ->
This scan might be trying to get passed your firewall. I don't think having the "syn" and "fin" bit set is normal. Also, the destination port of "0" is a bit wierd. K.J. -- "Never argue with an idiot. He will take you down to his level, and beat you with experience."
Current thread:
- large number of probes from 210.97.123.3 Jonathan (Apr 30)
- large number of probes from 210.97.123.3 kj (Apr 30)
- <Possible follow-ups>
- Re: large number of probes from 210.97.123.3 Luff, Darryl (May 01)