Security Incidents mailing list archives
RE: port 6635 and port 9705
From: dschultz () mail3 bunt com
Date: Thu, 15 Nov 2001 09:52:31 +0100
I saw a very similar scan from this IP to one of our Class C's on 13 Nov as well. 9705->9705 scan began at 18:18 GMT, followed by a 6635->6635 at 20:25 GMT. In both instances, approximately 70 hits were detected.

Dale
-----Original Message-----
From: Jim Howard [mailto:Jim.Howard () abcv com]
Sent: Wednesday, November 14, 2001 6:29 PM
To: incidents () securityfocus com
Subject: port 6635 and port 9705

Somebody had asked where these scans were coming from. Just yesterday, I got scanned on both these ports at the same time from this IP: 216.187.84.11 .. I have notified the parties that needed notification, but I just wanted to mention that:

1) our entire network was scanned for both from the same host, one right after the other with 9705 first, then 6635. The scans to 9705 were primarily from port 9705, where the 6635 scan was from an incrementing port #.

2) this is the first I have seen scans on these ports for some time. It sounds from what people are saying, that this may be picking up now?

3) There was a break of about 4 minutes between the scan sessions, that indicates a manual process to fire up the other scan.

All scans carry the SYN flag.

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
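The pattern reported in this thread (a SYN sweep whose source port equals the destination port, then a second sweep from an incrementing source port a few minutes later) can be picked out of connection logs as follows; this is an added example, not part of the original posts. The log records, the 192.0.2.10 source, the 198.51.100.0/24 targets, the timestamps and all function names are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

def build_sample():
    """Constructed SYN records: (time, src, sport, dst, dport, flags)."""
    t0, src, ev = datetime(2001, 11, 13, 12, 0), "192.0.2.10", []
    for i in range(70):  # sweep 1: source port equals destination port
        ev.append((t0 + timedelta(seconds=i), src, 9705, f"198.51.100.{i + 1}", 9705, "S"))
    t1 = ev[-1][0] + timedelta(minutes=4)  # pause before the second sweep
    for i in range(70):  # sweep 2: incrementing source port
        ev.append((t1 + timedelta(seconds=i), src, 2000 + i, f"198.51.100.{i + 1}", 6635, "S"))
    ev.append((t0, "192.0.2.77", 40000, "198.51.100.5", 80, "S"))  # unrelated connection
    return ev

def source_port_pattern(sports, dport):
    """Classify how the scanner chose source ports (sports is in time order)."""
    if sum(p == dport for p in sports) >= 0.9 * len(sports):
        return "fixed-equals-dst"
    if all(b > a for a, b in zip(sports, sports[1:])):
        return "incrementing"
    return "mixed"

def find_sweeps(events, min_targets=20):
    """Group bare-SYN records by (source, destination port); keep wide sweeps."""
    groups = defaultdict(list)
    for ts, src, sport, dst, dport, flags in events:
        if flags == "S":
            groups[(src, dport)].append((ts, sport, dst))
    sweeps = []
    for (src, dport), rows in groups.items():
        rows.sort()
        targets = {dst for _, _, dst in rows}
        if len(targets) >= min_targets:
            sweeps.append({"src": src, "dport": dport, "targets": len(targets),
                           "start": rows[0][0], "end": rows[-1][0],
                           "pattern": source_port_pattern([sp for _, sp, _ in rows], dport)})
    return sorted(sweeps, key=lambda s: (s["src"], s["start"]))

def gaps_between_sweeps(sweeps):
    """Idle time between consecutive sweeps from the same source."""
    return [(a["src"], a["dport"], b["dport"], b["start"] - a["end"])
            for a, b in zip(sweeps, sweeps[1:]) if a["src"] == b["src"]]

if __name__ == "__main__":
    sweeps = find_sweeps(build_sample())
    for s in sweeps:
        print(s["src"], s["dport"], s["targets"], s["pattern"], s["start"], s["end"])
    print(gaps_between_sweeps(sweeps))
```

The `min_targets` threshold and the 90% cutoff for "primarily" fixed source ports are assumed values to tune against local traffic.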