Snort mailing list archives
nmap to port 36688
From: Mike Cojocea <msc39 () georgetown edu>
Date: Mon, 15 Sep 2003 15:15:17 -0400
Hello, Now and then I see nmap scans to port 36688 to a web server running *NIX. Only a web server was "targeted". Was puzzles me is that the source ports are 80, 81 or 83. Does somebody have an explanation for this scan? Thanks, Mike 09/14-06:36:45.129936 [**] [1:628:2] SCAN nmap TCP [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 61.232.48.66:80 -> my.net:36688 09/14-06:36:45.414710 [**] [1:628:2] SCAN nmap TCP [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 202.102.145.229:81 -> my.net:36688 =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+= [**] [1:628:2] SCAN nmap TCP [**] [Classification: Attempted Information Leak] [Priority: 2] [Xref => http://www.whitehats.com/info/IDS28] Event ID: 1672 Event Reference: 1672 09/14/03-10:36:45.414710 202.102.145.229:81 -> my.net:36688 TCP TTL:41 TOS:0x0 ID:7715 IpLen:20 DgmLen:40 ***A**** Seq: 0x2C6 Ack: 0x0 Win: 0x578 TcpLen: 20 =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+= =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ [**] [1:628:2] SCAN nmap TCP [**] [Classification: Attempted Information Leak] [Priority: 2] [Xref => http://www.whitehats.com/info/IDS28] Event ID: 1672 Event Reference: 1672 09/14/03-10:36:45.414710 202.102.145.229:81 -> my.net:36688 TCP TTL:41 TOS:0x0 ID:7715 IpLen:20 DgmLen:40 ***A**** Seq: 0x2C6 Ack: 0x0 Win: 0x578 TcpLen: 20 =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- nmap to port 36688 Mike Cojocea (Sep 15)