Security Incidents mailing list archives
RE: Question about port scans
From: "Milliken, Larry" <lmilliken () uslec com>
Date: Wed, 13 Jun 2001 11:43:54 -0400
Correct about the source port being 53..The source address is 212.67.33.15.. -----Original Message----- From: Christopher L. Morrow [mailto:chris () UU NET] Sent: Wednesday, June 13, 2001 11:38 AM To: Milliken, Larry Cc: incidents () securityfocus com Subject: Re: Question about port scans On Wed, 13 Jun 2001, Milliken, Larry wrote:
I have a number of port scans in my log for port 42484. I cannot find any info on trojans/viruses on this..Does anyone know what uses this port?
You'll notice that the 'source' port for this is 53 and it's TCP, eh? and the source address is: 213.68.200.20, eh? I captured a few of these packets all were resets.... so I assumed this host was being flooded and the traffic I saw was 'backscatter'. Looking at the logs I have for this I do notice that the hosts are being hit almost sequentially which is strange for most flooders are more random than this :(
Current thread:
- Question about port scans Milliken, Larry (Jun 13)
- Re: Question about port scans Christopher L. Morrow (Jun 13)
- <Possible follow-ups>
- RE: Question about port scans Milliken, Larry (Jun 13)