Security Basics mailing list archives
RE: Outbound Port scans, ports 3800+
From: "some guy" <someguy_555 () hotmail com>
Date: Wed, 20 Aug 2003 23:26:40 +0000
Hey, I have had a situation like this before. For me it was the case that my firewall wasn't tracking connections properly (stateful tracking?), and hence it was resending data on various ports trying to get through, but it was being blocked. In my case it was DNS requests that were not getting through. I guess you should check on the computers that are getting scanned whether any internet service is not working and also have a look at the actual data contained in the rejected packets.
Hope that helps. -Scott
From: Meidinger Chris <chris.meidinger () badenit de>
To: 'Dean Saxe' <Dean.Saxe () magnetbanking com>, security-basics () securityfocus com
Subject: RE: Outbound Port scans, ports 3800+
Date: Wed, 20 Aug 2003 10:17:39 +0100

Can you find the process that is doing the scanning, i.e. owns the local ports?

badenIT GmbH
System Support
Chris Meidinger
Tullastrasse 70
79108 Freiburg

-----Original Message-----
From: Dean Saxe [mailto:Dean.Saxe () magnetbanking com]
Sent: Tuesday, August 19, 2003 9:08 PM
To: security-basics () securityfocus com
Subject: Outbound Port scans, ports 3800+

I have a server which has recently started scanning two IP addresses on ports 3800 and higher. I can find no information online regarding any worms or any malware which may be causing these port scans to occur. Is anyone aware of what may be causing this behavior?

Thanks in advance for your help.

-dhs

Dean H. Saxe
Senior Software Engineer
Web Application Security Team Lead
Magnet Communications
Dean.Saxe () magnetbanking com
404.592.8515

CONFIDENTIALITY NOTICE: This message and any attachment is solely for the use of the individual or entity to which this message is addressed and contains information that is confidential. If the reader of this message is not the intended recipient, you are hereby notified that any review, retransmission, disclosure, copying, distribution or the taking of any action in reliance on the contents of this communication by persons or entities other than the intended recipient is strictly prohibited. If you have received this email in error, please contact the sender and delete the material from any computer.
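The two checks suggested in this thread (look at the rejected packets, then find the owning process) can be ordered with a quick pass over the firewall's reject log. The following is an added example, not part of the original thread: the log lines are constructed in the style of netfilter LOG output, and the `min_ports` threshold, the below-1024 service-port rule and the verdict strings are assumptions chosen for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in the style of netfilter LOG output (not from the thread).
SAMPLE_LOG = """\
kernel: REJECT IN= OUT=eth0 SRC=10.0.0.5 DST=192.0.2.10 PROTO=UDP SPT=53 DPT=3801
kernel: REJECT IN= OUT=eth0 SRC=10.0.0.5 DST=192.0.2.10 PROTO=UDP SPT=53 DPT=3802
kernel: REJECT IN= OUT=eth0 SRC=10.0.0.5 DST=192.0.2.10 PROTO=UDP SPT=53 DPT=3805
kernel: REJECT IN= OUT=eth0 SRC=10.0.0.5 DST=198.51.100.7 PROTO=TCP SPT=4101 DPT=3800
kernel: REJECT IN= OUT=eth0 SRC=10.0.0.5 DST=198.51.100.7 PROTO=TCP SPT=4102 DPT=3801
kernel: REJECT IN= OUT=eth0 SRC=10.0.0.5 DST=198.51.100.7 PROTO=TCP SPT=4103 DPT=3802
"""

FIELD = re.compile(r"(\w+)=(\S+)")

def parse(line):
    """Return the KEY=value fields of one log line as a dict."""
    return dict(FIELD.findall(line))

def triage(log_text, min_ports=3):
    """Classify rejected outbound packets, grouped by (destination, protocol)."""
    groups = defaultdict(lambda: {"spt": set(), "dpt": set()})
    for line in log_text.splitlines():
        f = parse(line)
        if not {"DST", "PROTO", "SPT", "DPT"} <= f.keys():
            continue  # not a packet log line
        g = groups[(f["DST"], f["PROTO"])]
        g["spt"].add(int(f["SPT"]))
        g["dpt"].add(int(f["DPT"]))
    verdicts = {}
    for key, g in groups.items():
        if len(g["dpt"]) < min_ports:
            verdicts[key] = "too-few-packets"
        elif len(g["spt"]) == 1 and min(g["spt"]) < 1024:
            # One fixed service port answering many client ports: looks like
            # replies the firewall no longer matches to a tracked connection.
            verdicts[key] = "untracked-replies from local port %d" % min(g["spt"])
        else:
            # Changing source ports toward many destination ports: new
            # connection attempts, so identify the owning process next.
            verdicts[key] = "scan-like: find owning process"
    return verdicts

if __name__ == "__main__":
    for (dst, proto), verdict in triage(SAMPLE_LOG).items():
        print(dst, proto, verdict)
```

A "scan-like" verdict is the case where mapping the local source ports to a process (for example with `netstat` on the server) is the next step; an "untracked-replies" verdict points at the firewall's connection tracking instead.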
Current thread:
- Outbound Port scans, ports 3800+ Dean Saxe (Aug 19)
- <Possible follow-ups>
- RE: Outbound Port scans, ports 3800+ Meidinger Chris (Aug 20)
- RE: Outbound Port scans, ports 3800+ some guy (Aug 20)
- ANVIL FCS (A new IDS + Forensic Collection System) -SIMON- (Aug 25)