Security Incidents mailing list archives
port scan from 53
From: "JKruser" <jkruser () adelphia net>
Date: Wed, 16 May 2001 08:53:12 -0400
Does anyone have any idea what would cause a scan to originate from port 53 on an IRIX based server and destined for users on incrementing ports starting in the 1000 range and continuing, in cases, to 4000 range. Here is one section of log if it helps: 2000/09/14,09:21:48 -5:00 GMT, Server.IP.Address:53,Client.IP.Address:1038,UDP 2000/09/14,09:22:06 -5:00 GMT, Server.IP.Address:53,Client.IP.Address:1042,UDP 2000/09/14,09:22:56 -5:00 GMT, Server.IP.Address:53,Client.IP.Address:1045,UDP 2000/09/14,09:23:00 -5:00 GMT, Server.IP.Address:53,Client.IP.Address:1048,UDP 2000/09/14,09:23:12 -5:00 GMT, Server.IP.Address:53,Client.IP.Address:1052,UDP 2000/09/14,09:24:04 -5:00 GMT, Server.IP.Address:53,Client.IP.Address:1054,UDP 2000/09/14,09:28:00 -5:00 GMT, Server.IP.Address:53,Client.IP.Address:1068,UDP 2000/09/14,09:28:12 -5:00 GMT, Server.IP.Address:53,Client.IP.Address:1071,UDP 2000/09/14,09:33:00 -5:00 GMT, Server.IP.Address:53,Client.IP.Address:1079,UDP 2000/09/14,09:33:14 -5:00 GMT, Server.IP.Address:53,Client.IP.Address:1082,UDP 2000/09/14,09:37:08 -5:00 GMT, Server.IP.Address:53,Client.IP.Address:1086,UDP 2000/09/14,09:38:00 -5:00 GMT, Server.IP.Address:53,Client.IP.Address:1089,UDP 2000/09/14,09:38:14 -5:00 GMT, Server.IP.Address:53,Client.IP.Address:1092,UDP 2000/09/14,09:43:00 -5:00 GMT, Server.IP.Address:53,Client.IP.Address:1099,UDP 2000/09/14,09:43:12 -5:00 GMT, Server.IP.Address:53,Client.IP.Address:1102,UDP 2000/09/14,09:48:00 -5:00 GMT, Server.IP.Address:53,Client.IP.Address:1113,UDP 2000/09/14,09:48:12 -5:00 GMT, Server.IP.Address:53,Client.IP.Address:1116,UDP 2000/09/14,09:48:42 -5:00 GMT, Server.IP.Address:53,Client.IP.Address:1119,UDP 2000/09/14,09:48:46 -5:00 GMT, Server.IP.Address:53,Client.IP.Address:1122,UDP 2000/09/14,09:48:56 -5:00 GMT, Server.IP.Address:53,Client.IP.Address:1127,UDP 2000/09/14,09:49:26 -5:00 GMT, Server.IP.Address:53,Client.IP.Address:1133,UDP 2000/09/14,09:49:30 -5:00 GMT, Server.IP.Address:53,Client.IP.Address:1135,UDP 2000/09/14,09:53:00 -5:00 GMT, Server.IP.Address:53,Client.IP.Address:1142,UDP 2000/09/14,09:53:12 -5:00 GMT, Server.IP.Address:53,Client.IP.Address:1145,UDP 2000/09/14,09:55:24 -5:00 GMT, Server.IP.Address:53,Client.IP.Address:1147,UDP 2000/09/14,09:57:08 -5:00 GMT, Server.IP.Address:53,Client.IP.Address:1149,UDP 2000/09/14,09:57:10 -5:00 GMT, Server.IP.Address:53,Client.IP.Address:1152,UDP 2000/09/14,09:57:54 -5:00 GMT, Server.IP.Address:53,Client.IP.Address:1158,UDP 2000/09/14,09:58:00 -5:00 GMT, Server.IP.Address:53,Client.IP.Address:1160,UDP 2000/09/14,09:58:02 -5:00 GMT, Server.IP.Address:53,Client.IP.Address:1162,UDP 2000/09/14,09:58:16 -5:00 GMT, Server.IP.Address:53,Client.IP.Address:1166,UDP 2000/09/14,09:58:24 -5:00 GMT, Server.IP.Address:53,Client.IP.Address:1168,UDP 2000/09/14,09:58:26 -5:00 GMT, Server.IP.Address:53,Client.IP.Address:1169,UDP 2000/09/14,09:58:26 -5:00 GMT, Server.IP.Address:53,Client.IP.Address:1170,UDP 2000/09/14,09:58:34 -5:00 GMT, Server.IP.Address:53,Client.IP.Address:1171,UDP 2000/09/14,09:58:36 -5:00 GMT, Server.IP.Address:53,Client.IP.Address:1172,UDP 2000/09/14,09:58:36 -5:00 GMT, Server.IP.Address:53,Client.IP.Address:1173,UDP 2000/09/14,09:58:40 -5:00 GMT, Server.IP.Address:53,Client.IP.Address:1174,UDP 2000/09/14,09:58:40 -5:00 GMT, Server.IP.Address:53,Client.IP.Address:1175,UDP 2000/09/14,09:58:42 -5:00 GMT, Server.IP.Address:53,Client.IP.Address:1176,UDP 2000/09/14,09:58:48 -5:00 GMT, Server.IP.Address:53,Client.IP.Address:1177,UDP 2000/09/14,09:58:50 -5:00 GMT, Server.IP.Address:53,Client.IP.Address:1178,UDP 2000/09/14,09:58:52 -5:00 GMT, Server.IP.Address:53,Client.IP.Address:1179,UDP 2000/09/14,09:59:00 -5:00 GMT, Server.IP.Address:53,Client.IP.Address:1180,UDP 2000/09/14,09:59:00 -5:00 GMT, Server.IP.Address:53,Client.IP.Address:1182,UDP 2000/09/14,09:59:00 -5:00 GMT, Server.IP.Address:53,Client.IP.Address:1183,UDP 2000/09/14,09:59:10 -5:00 GMT, Server.IP.Address:53,Client.IP.Address:1186,UDP 2000/09/14,10:00:44 -5:00 GMT, Server.IP.Address:53,Client.IP.Address:1192,UDP 2000/09/14,10:00:46 -5:00 GMT, Server.IP.Address:53,Client.IP.Address:1194,UDP 2000/09/14,10:00:48 -5:00 GMT, Server.IP.Address:53,Client.IP.Address:1196,UDP 2000/09/14,10:02:04 -5:00 GMT, Server.IP.Address:53,Client.IP.Address:1204,UDP 2000/09/14,10:03:02 -5:00 GMT, Server.IP.Address:53,Client.IP.Address:1214,UDP 2000/09/14,10:03:14 -5:00 GMT, Server.IP.Address:53,Client.IP.Address:1217,UDP 2000/09/14,10:05:12 -5:00 GMT, Server.IP.Address:53,Client.IP.Address:1227,UDP 2000/09/14,10:05:30 -5:00 GMT, Server.IP.Address:53,Client.IP.Address:1229,UDP 2000/09/14,10:07:48 -5:00 GMT, Server.IP.Address:53,Client.IP.Address:1231,UDP 2000/09/14,10:08:04 -5:00 GMT, Server.IP.Address:53,Client.IP.Address:1235,UDP 2000/09/14,10:08:06 -5:00 GMT, Server.IP.Address:53,Client.IP.Address:1237,UDP 2000/09/14,10:08:20 -5:00 GMT, Server.IP.Address:53,Client.IP.Address:1242,UDP 2000/09/14,10:13:04 -5:00 GMT, Server.IP.Address:53,Client.IP.Address:1245,UDP 2000/09/14,10:13:18 -5:00 GMT, Server.IP.Address:53,Client.IP.Address:1248,UDP 2000/09/14,10:18:06 -5:00 GMT, Server.IP.Address:53,Client.IP.Address:1251,UDP 2000/09/14,10:18:18 -5:00 GMT, Server.IP.Address:53,Client.IP.Address:1254,UDP 2000/09/14,10:23:00 -5:00 GMT, Server.IP.Address:53,Client.IP.Address:1257,UDP 2000/09/14,10:23:12 -5:00 GMT, Server.IP.Address:53,Client.IP.Address:1260,UDP 2000/09/14,10:28:00 -5:00 GMT, Server.IP.Address:53,Client.IP.Address:1263,UDP 2000/09/14,10:28:12 -5:00 GMT, Server.IP.Address:53,Client.IP.Address:1266,UDP 2000/09/14,10:33:02 -5:00 GMT, Server.IP.Address:53,Client.IP.Address:1269,UDP 2000/09/14,10:33:14 -5:00 GMT, Server.IP.Address:53,Client.IP.Address:1272,UDP 2000/09/14,10:35:52 -5:00 GMT, Server.IP.Address:53,Client.IP.Address:1274,UDP 2000/09/14,10:38:00 -5:00 GMT, Server.IP.Address:53,Client.IP.Address:1278,UDP 2000/09/14,10:38:14 -5:00 GMT, Server.IP.Address:53,Client.IP.Address:1281,UDP Thanks for the assistance. JK
Current thread:
- port scan from 53 JKruser (May 16)
- Re: port scan from 53 Maarten Van Horenbeeck (May 16)
- RE: port scan from 53 Mike Batchelor (May 17)
- Re: port scan from 53 Maarten Van Horenbeeck (May 16)