Security Incidents mailing list archives
Re: Increased traffic to tcp port 524
From: David Knapp <dknapp () CALPOLY EDU>
Date: Thu, 26 Oct 2000 13:48:44 -0700
Could be this worm. http://www.sans.org/y2k/102000.htm

David Knapp
Network Analyst
Cal Poly State University
805-756-7161
-----Original Message-----
From: Suzanne.Hernandez [mailto:Suzanne.Hernandez () GUNTER AF MIL]
Sent: Wednesday, October 25, 2000 1:31 PM
To: INCIDENTS
Subject: FW: Increased traffic to tcp port 524

Check it out...this is just half of yesterday and most of today...These are to non-existent subnets on our network.

10/24-14:43:26 TCP : 155.58.107.40:1124 -> A.B.205.219:524 FLAGS : **S*****
10/24-14:43:29 TCP : 155.58.107.40:1124 -> A.B.205.219:524 FLAGS : **S*****
10/24-14:44:42 TCP : 134.7.147.30:3972 -> A.B.178.17:524 FLAGS : **S*****
10/24-14:44:45 TCP : 134.7.147.30:3972 -> A.B.178.17:524 FLAGS : **S*****
10/24-14:44:51 TCP : 134.7.147.30:3972 -> A.B.178.17:524 FLAGS : **S*****
10/24-16:09:46 TCP : 64.31.230.169:1266 64-31-230-169.pdq.net -> A.B.22.144:524 FLAGS : **S*****
10/24-16:09:49 TCP : 64.31.230.169:1266 64-31-230-169.pdq.net -> A.B.22.144:524 FLAGS : **S*****
10/24-16:09:55 TCP : 64.31.230.169:1266 64-31-230-169.pdq.net ->