Snort mailing list archives
Re: [Snort-sigs] Scan on tcp 13000
From: Jeff Kell <jeff-kell () utc edu>
Date: Tue, 18 Feb 2003 01:57:13 -0500
Michael Scheidell wrote:
Has anyone else seen any tcp scans with both source and destination ports of 13000, SYN flag set, and a sequence ID of 674711609?Yep, coming out of columbia.edu.
I had 1702 hits in one tarpit, let me see if they're still stuck... nope, but they should have been reported to DShield... yes! source port = 13000, dest port = 13000 Source: 128.59.52.11 = mrl-sgi.mech.columbia.edu Ended about 21:59 (UTC? Not sure what DShield reports) Jeff ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Scan on tcp 13000 Bob Dehnhardt (Feb 17)
- Re: [Snort-sigs] Scan on tcp 13000 Michael Scheidell (Feb 17)
- Re: [Snort-sigs] Scan on tcp 13000 Jeff Kell (Feb 17)
- Re: [Snort-sigs] Scan on tcp 13000 Michael Scheidell (Feb 17)