Security Incidents mailing list archives
What's going on here?
From: Jackie <JackieJ () Syllables com>
Date: Fri, 23 Aug 2002 19:57:28 -0400
ZoneAlarm reported this burst, all from port 80 on a reserved IP block. What the honk's going on? FWIN,2002/08/23,18:47:42 -4:00 GMT,10.60.1.102:80,xxx.xx.96.7:9176,TCP (flags:S) FWIN,2002/08/23,18:47:42 -4:00 GMT,10.10.2.105:80,xxx.xx.96.7:13682,TCP (flags:S) FWIN,2002/08/23,18:47:42 -4:00 GMT,10.10.2.103:80,xxx.xx.96.7:12156,TCP (flags:S) FWIN,2002/08/23,18:47:44 -4:00 GMT,10.10.2.109:80,xxx.xx.96.7:28165,TCP (flags:S) FWIN,2002/08/23,18:47:44 -4:00 GMT,10.60.1.103:80,xxx.xx.96.7:13290,TCP (flags:S) FWIN,2002/08/23,18:47:46 -4:00 GMT,10.10.2.110:80,xxx.xx.96.7:64194,TCP (flags:S) FWIN,2002/08/23,18:47:46 -4:00 GMT,10.10.2.103:80,xxx.xx.96.7:13928,TCP (flags:S) FWIN,2002/08/23,18:47:56 -4:00 GMT,10.60.1.102:80,xxx.xx.96.7:6601,TCP (flags:S) FWIN,2002/08/23,18:47:56 -4:00 GMT,10.60.1.102:80,xxx.xx.96.7:9176,TCP (flags:S) FWIN,2002/08/23,18:47:58 -4:00 GMT,10.10.2.105:80,xxx.xx.96.7:16797,TCP (flags:S) FWIN,2002/08/23,18:47:58 -4:00 GMT,10.10.2.107:80,xxx.xx.96.7:5692,TCP (flags:S) FWIN,2002/08/23,18:48:00 -4:00 GMT,10.60.1.103:80,xxx.xx.96.7:13290,TCP (flags:S) FWIN,2002/08/23,18:48:00 -4:00 GMT,10.10.2.109:80,xxx.xx.96.7:48388,TCP (flags:S) FWIN,2002/08/23,18:48:02 -4:00 GMT,10.10.2.104:80,xxx.xx.96.7:12516,TCP (flags:S) FWIN,2002/08/23,18:48:02 -4:00 GMT,10.60.1.102:80,xxx.xx.96.7:61199,TCP (flags:S) FWIN,2002/08/23,18:48:02 -4:00 GMT,10.60.1.102:80,xxx.xx.96.7:52484,TCP (flags:S) FWIN,2002/08/23,18:48:14 -4:00 GMT,10.60.1.102:80,xxx.xx.96.7:6601,TCP (flags:S) FWIN,2002/08/23,18:48:16 -4:00 GMT,10.60.1.102:80,xxx.xx.96.7:9176,TCP (flags:S) FWIN,2002/08/23,18:48:16 -4:00 GMT,10.10.2.104:80,xxx.xx.96.7:44131,TCP (flags:S) FWIN,2002/08/23,18:48:20 -4:00 GMT,10.10.2.105:80,xxx.xx.96.7:13682,TCP (flags:S) FWIN,2002/08/23,18:48:20 -4:00 GMT,10.10.2.103:80,xxx.xx.96.7:12156,TCP (flags:S) FWIN,2002/08/23,18:48:22 -4:00 GMT,10.60.1.102:80,xxx.xx.96.7:33730,TCP (flags:S) FWIN,2002/08/23,18:48:22 -4:00 GMT,10.60.1.102:80,xxx.xx.96.7:61199,TCP (flags:S) FWIN,2002/08/23,18:48:24 -4:00 GMT,10.60.1.102:80,xxx.xx.96.7:52484,TCP (flags:S) FWIN,2002/08/23,18:48:26 -4:00 GMT,10.10.2.110:80,xxx.xx.96.7:64194,TCP (flags:S) FWIN,2002/08/23,18:48:26 -4:00 GMT,10.10.2.103:80,xxx.xx.96.7:13928,TCP (flags:S) FWIN,2002/08/23,18:48:26 -4:00 GMT,10.10.2.105:80,xxx.xx.96.7:16797,TCP (flags:S) FWIN,2002/08/23,18:48:26 -4:00 GMT,10.10.2.107:80,xxx.xx.96.7:5692,TCP (flags:S) FWIN,2002/08/23,18:48:28 -4:00 GMT,10.60.1.102:80,xxx.xx.96.7:6601,TCP (flags:S) FWIN,2002/08/23,18:48:28 -4:00 GMT,10.60.1.102:80,xxx.xx.96.7:9176,TCP (flags:S) FWIN,2002/08/23,18:48:28 -4:00 GMT,10.10.2.109:80,xxx.xx.96.7:48388,TCP (flags:S) FWIN,2002/08/23,18:48:28 -4:00 GMT,10.10.2.104:80,xxx.xx.96.7:12516,TCP (flags:S) FWIN,2002/08/23,18:48:30 -4:00 GMT,10.10.2.109:80,xxx.xx.96.7:44131,TCP (flags:S) FWIN,2002/08/23,18:48:32 -4:00 GMT,10.60.1.103:80,xxx.xx.96.7:13290,TCP (flags:S) FWIN,2002/08/23,18:48:32 -4:00 GMT,10.60.1.102:80,xxx.xx.96.7:33730,TCP (flags:S) FWIN,2002/08/23,18:48:32 -4:00 GMT,10.60.1.102:80,xxx.xx.96.7:61199,TCP (flags:S) FWIN,2002/08/23,18:48:34 -4:00 GMT,10.10.2.112:80,xxx.xx.96.7:59112,TCP (flags:S) FWIN,2002/08/23,18:48:44 -4:00 GMT,10.10.2.104:80,xxx.xx.96.7:44131,TCP (flags:S) FWIN,2002/08/23,18:48:48 -4:00 GMT,10.10.2.103:80,xxx.xx.96.7:53605,TCP (flags:S) FWIN,2002/08/23,18:49:06 -4:00 GMT,10.10.2.104:80,xxx.xx.96.7:44517,TCP (flags:S) FWIN,2002/08/23,18:49:10 -4:00 GMT,10.10.2.105:80,xxx.xx.96.7:13682,TCP (flags:S) FWIN,2002/08/23,18:49:12 -4:00 GMT,10.10.2.103:80,xxx.xx.96.7:12156,TCP (flags:S) FWIN,2002/08/23,18:49:12 -4:00 GMT,10.10.2.109:80,xxx.xx.96.7:28165,TCP (flags:S) FWIN,2002/08/23,18:49:14 -4:00 GMT,10.10.2.110:80,xxx.xx.96.7:64194,TCP (flags:S) FWIN,2002/08/23,18:49:14 -4:00 GMT,10.10.2.103:80,xxx.xx.96.7:13928,TCP (flags:S) FWIN,2002/08/23,18:49:16 -4:00 GMT,10.10.2.105:80,xxx.xx.96.7:16797,TCP (flags:S) FWIN,2002/08/23,18:49:16 -4:00 GMT,10.10.2.107:80,xxx.xx.96.7:5692,TCP (flags:S) FWIN,2002/08/23,18:49:16 -4:00 GMT,10.10.2.103:80,xxx.xx.96.7:53605,TCP (flags:S) FWIN,2002/08/23,18:49:18 -4:00 GMT,10.10.2.109:80,xxx.xx.96.7:48388,TCP (flags:S) FWIN,2002/08/23,18:49:18 -4:00 GMT,10.10.2.104:80,xxx.xx.96.7:12516,TCP (flags:S) FWIN,2002/08/23,18:49:18 -4:00 GMT,10.10.2.109:80,xxx.xx.96.7:44131,TCP (flags:S) FWIN,2002/08/23,18:49:30 -4:00 GMT,10.10.2.105:80,xxx.xx.96.7:24023,TCP (flags:S) FWIN,2002/08/23,18:49:32 -4:00 GMT,10.10.2.112:80,xxx.xx.96.7:59112,TCP (flags:S) FWIN,2002/08/23,18:49:34 -4:00 GMT,10.10.2.104:80,xxx.xx.96.7:44131,TCP (flags:S) FWIN,2002/08/23,18:49:36 -4:00 GMT,10.10.2.104:80,xxx.xx.96.7:44517,TCP (flags:S) FWIN,2002/08/23,18:49:38 -4:00 GMT,10.10.2.111:80,xxx.xx.96.7:34705,TCP (flags:S) FWIN,2002/08/23,18:49:38 -4:00 GMT,10.10.2.103:80,xxx.xx.96.7:52067,TCP (flags:S) FWIN,2002/08/23,18:50:00 -4:00 GMT,10.10.2.105:80,xxx.xx.96.7:24023,TCP (flags:S) FWIN,2002/08/23,18:50:10 -4:00 GMT,10.10.2.105:80,xxx.xx.96.7:13682,TCP (flags:S) FWIN,2002/08/23,18:50:10 -4:00 GMT,10.10.2.103:80,xxx.xx.96.7:12156,TCP (flags:S) FWIN,2002/08/23,18:50:14 -4:00 GMT,10.10.2.110:80,xxx.xx.96.7:64194,TCP (flags:S) FWIN,2002/08/23,18:50:14 -4:00 GMT,10.10.2.103:80,xxx.xx.96.7:13928,TCP (flags:S) FWIN,2002/08/23,18:50:14 -4:00 GMT,10.10.2.105:80,xxx.xx.96.7:16797,TCP (flags:S) FWIN,2002/08/23,18:50:16 -4:00 GMT,10.10.2.107:80,xxx.xx.96.7:5692,TCP (flags:S) FWIN,2002/08/23,18:50:16 -4:00 GMT,10.10.2.103:80,xxx.xx.96.7:53605,TCP (flags:S) FWIN,2002/08/23,18:50:16 -4:00 GMT,10.10.2.104:80,xxx.xx.96.7:53605,TCP (flags:S) FWIN,2002/08/23,18:50:18 -4:00 GMT,10.10.2.109:80,xxx.xx.96.7:48388,TCP (flags:S) FWIN,2002/08/23,18:50:18 -4:00 GMT,10.10.2.104:80,xxx.xx.96.7:12516,TCP (flags:S) FWIN,2002/08/23,18:50:18 -4:00 GMT,10.10.2.109:80,xxx.xx.96.7:44131,TCP (flags:S) FWIN,2002/08/23,18:50:32 -4:00 GMT,10.10.2.112:80,xxx.xx.96.7:59112,TCP (flags:S) FWIN,2002/08/23,18:50:34 -4:00 GMT,10.10.2.104:80,xxx.xx.96.7:44131,TCP (flags:S) FWIN,2002/08/23,18:50:36 -4:00 GMT,10.10.2.104:80,xxx.xx.96.7:44517,TCP (flags:S) ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- What's going on here? Jackie (Aug 26)
- <Possible follow-ups>
- RE: What's going on here? Yonatan Bokovza (Aug 26)
- RE: What's going on here? Russell Fulton (Aug 27)
- RE: What's going on here? Hugo van der Kooij (Aug 28)
- Re: What's going on here? Mark (Aug 28)
- RE: What's going on here? Russell Fulton (Aug 27)
- RE: What's going on here? NESTING, DAVID M (SBCSI) (Aug 26)
- Re: What's going on here? wykkyd (Aug 26)
- Re: What's going on here? wykkyd (Aug 29)