Security Incidents mailing list archives
Strange port 23 traffic
From: Costas Karafasoulis <karafas () MAIL ARIADNE-T GR>
Date: Sun, 18 Mar 2001 22:49:37 +0200
There is some strange traffic in my network, that I can really figure out what its is. It consists of a large number of connections of the form: xxx.xxx.xxx.xxx.1079-yyy.yyy.yyy.yyy.23 POST http://xxx.xxx.xxx.xxx:23/Ready?PVersion=1.0&CVersion=4000000&TVersion=1.0&S ession=441272 HTTP/1.1 Content-Type: application/x-www-form-urlencoded Content-Length: 38 Cache-Control: no-cache Pragma: no-cache Date: Thu, 15 Feb 2001 00:20:56 GMT Host: xxx.xxx.xxx.xxx transaction= DAAAAAgAAAASAAAAAAAAAA== ---------------------------------------------------------------------------- -------- yyy.yyy.yyy.yyy.23-xxx.xxx.xxx.xxx.1079 HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Connection: close Date: Thu, 15 Feb 2001 00:19:15 GMT Content-Type: text/html Content-Length: 660 Expires: Thu, 15 Feb 2001 00:19:15 GMT <html><title>Conducent Response</title><body><P> OjU5AGh0dHA6Ly9yZWRVjZW50LmNvbS9TY3JpcHRzL1JlZG yLmRsbD9SyMDAxLTA2LTMwIDIzOjU5OjU5ADIzOjU5 </P></body></html> any ideas waht it could be ???
Current thread:
- Strange port 23 traffic Costas Karafasoulis (Mar 18)
- Re: Strange port 23 traffic Ray Simard (Mar 19)
- <Possible follow-ups>
- Re: Strange port 23 traffic Bill Royds (Mar 19)
- Re: Strange port 23 traffic Greg A. Woods (Mar 19)