Security Incidents mailing list archives
Re: UDP Port Sweep question
From: Tim <tim-forensics () sentinelchicken org>
Date: Wed, 29 Dec 2004 14:24:37 -0500
Here is some more info regarding the port sweeps. The port the client is being hit on seems to vary. The client is being hit on the same 8 port range from each IP port 33434-33460. All 3 sensors from the 3 different clients show the same destination port range. The sensors are cisco IDS sensors and I am unsure as to how to get the actual packet from the event.
Looks like it might just bee traceroutes to me: http://linux-ip.net/html/tools-traceroute.html Do these companies have anyone monitoring their connectivity from the outside? tim
Current thread:
- UDP Port Sweep question Billy Dodson (Dec 28)
- Re: UDP Port Sweep question Tim (Dec 29)
- Re: UDP Port Sweep question Kyle Maxwell (Dec 29)
- Re: UDP Port Sweep question Ron (Dec 29)
- <Possible follow-ups>
- Re: UDP Port Sweep question Don Parker (Dec 29)
- RE: UDP Port Sweep question Billy Dodson (Dec 29)
- RE: UDP Port Sweep question David Gillett (Dec 29)
- Re: UDP Port Sweep question Tim (Dec 29)
- RE: UDP Port Sweep question Jack McCarthy (Dec 29)
- RE: UDP Port Sweep question Benjamin Franz (Dec 29)
- RE: UDP Port Sweep question Colby DeRodeff (Dec 29)
- Re: UDP Port Sweep question Francesca Smith (Dec 30)