Re: Question about port scans

["Christopher L. Morrow" <chris () UU NET>]

On Wed, 13 Jun 2001, Milliken, Larry wrote:

> I have a number of port scans in my log for port 42484.  I cannot find any
> info on trojans/viruses on this..Does anyone know what uses this port?

You'll notice that the 'source' port for this is 53 and it's TCP, eh? and
the source address is: 213.68.200.20, eh? I captured a few of these
packets all were resets.... so I assumed this host was being flooded and
the traffic I saw was 'backscatter'.

Looking at the logs I have for this I do notice that the hosts are being
hit almost sequentially which is strange for most flooders are more random
than this :(