Security Incidents mailing list archives
Slow scan
From: hektor () RZ RWTH-AACHEN DE (Jens Hektor)
Date: Mon, 22 May 2000 09:09:15 -0000
Hi,

here are the traces of a slow scan which is currently investigating our net. About every 20 minutes the next address in a class-C net is tested, but we see the same method in the whole class-B net.

So my automatic classification based on a 10-minute summary fails to label this a portscan, but the access is noticed anyway ...

** Access **
May 21 21:47:13 - May 21 21:47:13: 204.196.156.4 (borge.desoto.k12.la.us) 1 tries to 137.226.X.2 - 137.226.X.2 (1), Proto: TCP, Ports: pop2

** Access **
May 21 22:08:55 - May 21 22:08:55: 204.196.156.4 (borge.desoto.k12.la.us) 1 tries to 137.226.X.3 - 137.226.X.3 (1), Proto: TCP, Ports: pop2

and so on and on ...

Bye, Jens
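Added example, not part of the original post or the poster's tooling: a per-source sliding-window count of distinct destinations over access records in the format shown above, run once with a 10-minute window and once with a 24-hour window. The function names, the threshold of 3 targets, the year, and every sample record after the first two are assumptions constructed for illustration; each record is assumed to sit on one line.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# One access record per line, in the format of the log excerpt above.
RECORD = re.compile(
    r"(?P<start>\w{3} +\d+ \d\d:\d\d:\d\d) - \w{3} +\d+ \d\d:\d\d:\d\d: "
    r"(?P<src>\S+) \(.*?\) \d+ tries to (?P<dst>\S+) - \S+ \(\d+\), "
    r"Proto: (?P<proto>\w+), Ports: (?P<ports>.+)$")

# First two records are from the post; the remaining three are constructed.
SAMPLE = """\
May 21 21:47:13 - May 21 21:47:13: 204.196.156.4 (borge.desoto.k12.la.us) 1 tries to 137.226.X.2 - 137.226.X.2 (1), Proto: TCP, Ports: pop2
May 21 22:08:55 - May 21 22:08:55: 204.196.156.4 (borge.desoto.k12.la.us) 1 tries to 137.226.X.3 - 137.226.X.3 (1), Proto: TCP, Ports: pop2
May 21 22:30:41 - May 21 22:30:41: 204.196.156.4 (borge.desoto.k12.la.us) 1 tries to 137.226.X.4 - 137.226.X.4 (1), Proto: TCP, Ports: pop2
May 21 22:35:02 - May 21 22:35:02: 192.0.2.10 (host.example.org) 1 tries to 137.226.X.25 - 137.226.X.25 (1), Proto: TCP, Ports: smtp
May 21 22:52:17 - May 21 22:52:17: 204.196.156.4 (borge.desoto.k12.la.us) 1 tries to 137.226.X.5 - 137.226.X.5 (1), Proto: TCP, Ports: pop2
"""

def parse(line, year=2000):
    """Return (timestamp, src, dst, proto, ports) or None; the log carries no year."""
    m = RECORD.search(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['start']}", "%Y %b %d %H:%M:%S")
    return ts, m["src"], m["dst"], m["proto"], m["ports"].strip()

def scanners(records, window, min_targets=3):
    """Map each source to its peak count of distinct destinations inside any
    span of length `window`, keeping only sources that reach min_targets."""
    by_src = defaultdict(list)
    for ts, src, dst, _proto, _ports in records:
        by_src[src].append((ts, dst))
    flagged = {}
    for src, events in by_src.items():
        events.sort()
        lo, best = 0, 0
        for hi in range(len(events)):
            while events[hi][0] - events[lo][0] > window:
                lo += 1  # drop events that fell out of the window
            best = max(best, len({dst for _, dst in events[lo:hi + 1]}))
        if best >= min_targets:
            flagged[src] = best
    return flagged

RECORDS = [r for r in map(parse, SAMPLE.splitlines()) if r]

if __name__ == "__main__":
    print("10-minute window:", scanners(RECORDS, timedelta(minutes=10)))
    print("24-hour window:  ", scanners(RECORDS, timedelta(hours=24)))
```

With probes spaced about 20 minutes apart, the short window never sees more than one destination per source, while the long window groups the whole sweep under one source address.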