Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: [Snort-sigs] Scan on tcp 13000

From: Jeff Kell <jeff-kell () utc edu>
Date: Tue, 18 Feb 2003 01:57:13 -0500
Michael Scheidell wrote:


Has anyone else seen any tcp scans with both source and destination ports of
13000, SYN flag set, and a sequence ID of 674711609? 


Yep, coming out of columbia.edu.


I had 1702 hits in one tarpit, let me see if they're still stuck...
nope, but they should have been reported to DShield... yes!

source port = 13000, dest port = 13000

Source:  128.59.52.11 = mrl-sgi.mech.columbia.edu

Ended about 21:59 (UTC? Not sure what DShield reports)

Jeff


-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: