Security Incidents mailing list archives
RE: Anyone have any ideas?
From: Paulo.Sedrez () weavers com br
Date: Thu, 17 May 2001 23:36:27 -0300 (EST)
On 15-May-2001 Jim Starke wrote:
While running ethereal tonight I saw someone scanning all of the ip addresses. I scrolled back and saw that my box was pinged twice and then approximately 7 minutes later, I saw an attempt to connect to port 1405 all by the same ip address. No. Time Source Destination Protocol Info 18960 2001-05-14 22:25:08.2490 206.239.3.90 xx.xxx.xx.xx ICMP Echo (ping) request 18961 2001-05-14 22:25:09.2592 206.239.3.90 xx.xxx.xx.xx ICMP Echo (ping) request 19236 2001-05-14 22:32:44.2349 206.239.3.90 xx.xxx.xx.xx TCP 79 > 1405 [RST, ACK] Seq=0 Ack=3813890208 Win=0 Len=0
[...snip...]
I guess my questions are why they were attempting to connect to port 1405 (I don't have any services on that port) and why would they be using port 79 to make the connection?
Quite the opposite. You just received the RESPONSE to the attempting to open a connection to port 79/tcp - finger - FROM your machine to 206.239.3.90, and the response was RST - no service on that port. ----- Paulo F. Sedrez Diretor de Tecnologia Weavers Network Consulting Tel/Fax: +55-21-239-3190 http://www.weavers.com.br Paulo.Sedrez () weavers com br -------------------------- Thought of the day: "When the only tool you have is a hammer, you tend to treat everything as if it were a nail." -- Abraham Maslow
Current thread:
- Anyone have any ideas? Jim Starke (May 14)
- RE: Anyone have any ideas? Paulo . Sedrez (May 18)