Security Basics mailing list archives
Re: Strange Connection Attempts
From: Charles Hamby <fixer () gci net>
Date: Tue, 18 Feb 2003 18:50:19 -0900
I've been seeing 17300 scans from many places outside of Asia, actually. I just had one today that I traced back to somewhere around LA, so they definitely are getting to other time zones, I've been seeing scans from Comcast, AT&T, and a couple of others. But, as you say, in all of the packets I've captured, none of them have any payload. It's a little odd. -CDH -----Original Message----- From: Kinsey, Robert [mailto:Robert.Kinsey () Veridian com] Sent: Monday, February 17, 2003 2:39 PM Cc: 'security-basics () securityfocus com ' Subject: RE: Strange Connection Attempts I also saw the 17300 (which is the port Kuang 2 the virus runs on). But they were all coming from Asia (about 0800 their time) and never progressed. I was thinking it was a launch attempt on the 14th but no other TZs showed up. My feeling is if these are all 0-byte length probes they aren't doing much. Just ensure these ports / services are set to drop the connections fitting the description. rk
Current thread:
- Strange Connection Attempts Hankes, Christopher A (Feb 14)
- <Possible follow-ups>
- RE: Strange Connection Attempts Keith T. Morgan (Feb 17)
- RE: Strange Connection Attempts Tim Heagarty (Feb 17)
- RE: Strange Connection Attempts Kinsey, Robert (Feb 18)
- RE: Strange Connection Attempts fixer (Feb 18)
- Re: Strange Connection Attempts Charles Hamby (Feb 19)
- RE: Strange Connection Attempts Trevor Cushen (Feb 20)
- Windows 2000 Server Attacks Paul Stewart (Feb 20)
- Re: Windows 2000 Server Attacks Su Wadlow (Feb 22)
- Windows 2000 Server Attacks Paul Stewart (Feb 20)