Security Incidents mailing list archives
scans for port 4000 udp
From: Russell Fulton <r.fulton () AUCKLAND AC NZ>
Date: Mon, 27 Nov 2000 11:47:39 +1300
Over the past 10 days I have seen 3 scans for udp port 4000. In each case the scan had source addresses registered to ISPs in mainland China. Two, over the weekend, were from blocks registered by chinanet.cn.net. Here is an ascii dump of data from the start of packets (that were 313 chars long) < Data-Ascii = "....x..521531...0.15.2000-11-26.4919.:.........................." /> The ".15." then changed to 33, 54, 75, 87 and back to 15, 24, 51... 7 or 8 packets were sent with each number and the last number (4919) was incremented each time the middle number changed. Destination IP address were incremented sequentially. The same /24 network was targeted in all scans. (This network is not part of our /16, it belongs to a private company for whom we host some servers). Anyone have any idea what they are looking for? Cheers, Russell.
Current thread:
- scans for port 4000 udp Russell Fulton (Nov 28)
- <Possible follow-ups>
- Re: scans for port 4000 udp Jens Hektor (Nov 29)
- Re: scans for port 4000 udp Glen Boyd (Nov 30)
- Re: scans for port 4000 udp Young, Mike (Nov 30)