Security Incidents mailing list archives
Re: Another odd UDP scan - new trojan?
From: lurker () ITIS COM (M J)
Date: Fri, 19 May 2000 18:07:41 -0000
I just spoke to Arun Narasimhan [arun () quova com] who is the technical contact for Quova, Inc. He explained that their company is working in "stealth-mode" (not very stealthy if you ask me) on a new software package. He told me he cannot disclose the nature of this software or what it is supposed to do. He attemped to assure me that they mean no harm in the scans and they are scanning and tracerouting all class A, B, and C networks. (EEeesh!!) What are your thoughts on this - do you think this type of activity, which is apparently condoned by Exodus.net, is invasive and rude, or is it their public right to scan all addresses at their leasure? I have personally asked that all of our networks be excluded from their "testing". Comments / suggestions? -Matthew Hi We just had a report which is unusual - UDP ports 33448 through 33453 Scanning one of our net blocks but rolling the loop on the 3rd octet and throttled down to one every second or so. Src port number constant per dest host but then changing on the next target ip. Src IP is in an Exodus net block - 64.41.164.54 Anyone else seeing this or know what they are looking for? All attempts were fruitless, just curious. Cheers Neil
Current thread:
- Another odd UDP scan - new trojan? Neil Long (May 18)
- Re: Another odd UDP scan - new trojan? Pierre Vandevenne (May 18)
- Re: Another odd UDP scan - new trojan? Robert Graham (May 18)
- Re: Another odd UDP scan - new trojan? M J (May 19)