Security Incidents mailing list archives
Scanned on 16 TCP ports, anyone seen this before?
From: Kevin Patz <jambo_cat () yahoo com>
Date: Mon, 2 Feb 2004 11:21:04 -0800 (PST)
I noticed this when I was perusing the packet log on my Linux box. These scans all occurred at 2/2/04 13:21:10 EST. The source IP was 65.177.48.74, RDNS is sdn-ap-024txhousP0074.dialsprint.net. Source port is 18765, all TCP SYNs, same TTL. Destination ports, in order by packet sequence #, are: 24215, 15859, 24759, 80, 2589, 32745, 18754, 14784, 18462, 8080, 26859, 17547, 3128, 1029, 27784, 6588 Of these destination ports, the only "familiar" ones are 80 (http), 2589 (Dagger), 3129 (Squid), 6588 (AnalogX), 8080 (WebCache), and 1029 (ICQ). Has anyone else seen scans like this? Any ideas as to its purpose? I've seen Ring Zero and proxy scans but this one hit quite a few odd ports. Maybe a spammer looking for an open proxy? KJP ===== I see dumb people... ...they're everywhere... ...they walk around like everyone else... ...they don't even know that they're dumb. __________________________________ Do you Yahoo!? Yahoo! SiteBuilder - Free web site building tool. Try it! http://webhosting.yahoo.com/ps/sb/ --------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- Scanned on 16 TCP ports, anyone seen this before? Kevin Patz (Feb 02)
- RE: Scanned on 16 TCP ports, anyone seen this before? Lawrence Baldwin (Feb 03)