Security Incidents mailing list archives
RE: Scanned on 16 TCP ports, anyone seen this before?
From: "Lawrence Baldwin" <baldwinL () mynetwatchman com>
Date: Mon, 2 Feb 2004 16:25:10 -0500
Yeah, very odd in deed...definitely pretty prolific...have had > 20 mNW users report this IP, over 20,000 events total...looks like he's hitting the same port (sets) here too....a high percentage have a *src* port of 18765 http://www.mynetwatchman.com/LID.asp?IID=72800353 Lawrence Baldwin myNetWatchman.com -----Original Message----- From: Kevin Patz [mailto:jambo_cat () yahoo com] Sent: Monday, February 02, 2004 14:21 To: incidents () securityfocus com Subject: Scanned on 16 TCP ports, anyone seen this before? I noticed this when I was perusing the packet log on my Linux box. These scans all occurred at 2/2/04 13:21:10 EST. The source IP was 65.177.48.74, RDNS is sdn-ap-024txhousP0074.dialsprint.net. Source port is 18765, all TCP SYNs, same TTL. Destination ports, in order by packet sequence #, are: 24215, 15859, 24759, 80, 2589, 32745, 18754, 14784, 18462, 8080, 26859, 17547, 3128, 1029, 27784, 6588 Of these destination ports, the only "familiar" ones are 80 (http), 2589 (Dagger), 3129 (Squid), 6588 (AnalogX), 8080 (WebCache), and 1029 (ICQ). Has anyone else seen scans like this? Any ideas as to its purpose? I've seen Ring Zero and proxy scans but this one hit quite a few odd ports. Maybe a spammer looking for an open proxy? KJP ===== I see dumb people... ...they're everywhere... ...they walk around like everyone else... ...they don't even know that they're dumb. __________________________________ Do you Yahoo!? Yahoo! SiteBuilder - Free web site building tool. Try it! http://webhosting.yahoo.com/ps/sb/ --------------------------------------------------------------------------- ---------------------------------------------------------------------------- --------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- Scanned on 16 TCP ports, anyone seen this before? Kevin Patz (Feb 02)
- RE: Scanned on 16 TCP ports, anyone seen this before? Lawrence Baldwin (Feb 03)