Security Basics mailing list archives

RE: Whats happening on port 3123


From: "Dominick.S" <dsardina () si rr com>
Date: Tue, 10 Jun 2003 08:57:03 -0400

Didn't set up a sniffer yet - this is from the firewall logs.

2003-06-10 08:44:53 Dropping ICMP error message. Original UDP from
66.68.204.161:2538 to 24.168.19.7:3123 192.168.1.2 66.68.204.161 3/ICMP  
2003-06-10 08:24:22 Dropping ICMP error message. Original UDP from
157.158.163.63:2387 to 24.168.19.7:3123 192.168.1.2 157.158.163.63 3/ICMP  
2003-06-10 08:11:31 Dropping ICMP error message. Original UDP from
24.46.218.29:2850 to 24.168.19.7:3123 192.168.1.2 24.46.218.29 3/ICMP  
2003-06-10 07:47:57 Match Web Filter Policy, dropping packet
192.168.1.102:3346 216.239.57.101:80 HTTP  
2003-06-10 07:44:28 Dropping ICMP error message. Original UDP from
199.106.211.60:53299 to 24.168.19.7:2090 192.168.1.2 199.106.211.60 3/ICMP  
2003-06-10 07:27:57 Dropping ICMP error message. Original UDP from
24.164.116.171:2897 to 24.168.19.7:3123 192.168.1.2 24.164.116.171 3/ICMP  
2003-06-10 07:09:14 Dropping ICMP error message. Original UDP from
66.68.204.161:2538 to 24.168.19.7:3123 192.168.1.2 66.68.204.161 3/ICMP  
2003-06-10 06:42:38 Dropping ICMP error message. Original UDP from
66.68.204.161:2538 to 24.168.19.7:3123 192.168.1.2 66.68.204.161 3/ICMP  
2003-06-10 06:10:04 Dropping ICMP error message. Original UDP from
66.68.204.161:2538 to 24.168.19.7:3123 192.168.1.2 66.68.204.161 3/ICMP  
2003-06-10 05:41:23 Dropping ICMP error message. Original UDP from
66.68.204.161:2538 to 24.168.19.7:3123 192.168.1.2 66.68.204.161 3/ICMP  
2003-06-10 04:57:41 Dropping ICMP error message. Original UDP from
66.68.204.161:2538 to 24.168.19.7:3123 192.168.1.2 66.68.204.161 3/ICMP  
2003-06-10 04:19:06 Dropping ICMP error message. Original UDP from
66.68.204.161:2538 to 24.168.19.7:3123 192.168.1.2 66.68.204.161 3/ICMP  
2003-06-10 03:45:17 Dropping ICMP error message. Original UDP from
152.19.197.43:1966 to 24.168.19.7:3123 192.168.1.2 152.19.197.43 3/ICMP  
2003-06-10 03:23:01 Dropping ICMP error message. Original UDP from
152.19.197.43:1966 to 24.168.19.7:3123 192.168.1.2 152.19.197.43 3/ICMP  
2003-06-10 02:46:07 Dropping ICMP error message. Original UDP from
199.106.234.11:1181 to 24.168.19.7:2090 192.168.1.2 199.106.234.11 3/ICMP  
2003-06-10 02:35:04 Dropping ICMP error message. Original UDP from
152.19.197.43:1966 to 24.168.19.7:3123 192.168.1.2 152.19.197.43 3/ICMP  
2003-06-10 02:05:59 Dropping ICMP error message. Original UDP from
152.19.197.43:1966 to 24.168.19.7:3123 192.168.1.2 152.19.197.43 3/ICMP  
2003-06-10 01:33:31 Match Web Filter Policy, dropping packet
192.168.1.103:1751 199.106.234.144:80 HTTP  
2003-06-10 01:23:04 Dropping ICMP error message. Original UDP from
66.176.192.82:2550 to 24.168.19.7:3123 192.168.1.2 66.176.192.82 3/ICMP  
2003-06-10 01:07:35 Dropping ICMP error message. Original UDP from
66.176.192.82:2550 to 24.168.19.7:3123 192.168.1.2 66.176.192.82 3/ICMP  
2003-06-10 01:04:13 Dropping ICMP error message. Original UDP from
64.12.56.169:26868 to 24.168.19.7:6970 192.168.1.2 64.12.56.169 3/ICMP  
2003-06-10 00:54:00 Dropping ICMP error message. Original UDP from
66.176.192.82:2550 to 24.168.19.7:3123 192.168.1.2 66.176.192.82 3/ICMP  
2003-06-10 00:41:37 Dropping ICMP error message. Original UDP from
66.176.192.82:2550 to 24.168.19.7:3123 192.168.1.2 66.176.192.82 3/ICMP  
2003-06-10 00:24:58 Invalid TCP packet received, dropping packet
24.168.136.10:80 24.168.19.7:1654 1654/TCP  
2003-06-10 00:19:19 Invalid TCP packet received, dropping packet
24.168.136.17:80 24.168.19.7:1629 1629/TCP  
2003-06-10 00:13:17 Invalid TCP packet received, dropping packet
24.168.136.10:80 24.168.19.7:1631 1631/TCP  
2003-06-10 00:08:42 Invalid TCP packet received, dropping packet
24.168.136.10:80 24.168.19.7:1631 1631/TCP  
2003-06-10 00:08:03 Invalid TCP packet received, dropping packet
24.168.136.17:80 24.168.19.7:1629 1629/TCP  
2003-06-10 00:07:51 Invalid TCP packet received, dropping packet
24.168.136.17:80 24.168.19.7:1629 1629/TCP  
2003-06-10 00:00:59 Dropping ICMP error message. Original UDP from
217.69.253.126:3141 to 24.168.19.7:3123 192.168.1.2 217.69.253.126 3/ICMP  
2003-06-09 23:28:38 Dropping ICMP error message. Original UDP from
66.65.169.142:3565 to 24.168.19.7:3123 192.168.1.2 66.65.169.142 3/ICMP  
2003-06-09 23:20:07 Dropping ICMP error message. Original UDP from
66.65.169.142:3565 to 24.168.19.7:3123 192.168.1.2 66.65.169.142 3/ICMP  
2003-06-09 23:09:15 Dropping ICMP error message. Original UDP from
24.190.182.133:2417 to 24.168.19.7:3123 192.168.1.2 24.190.182.133 3/ICMP  
2003-06-09 22:37:03 Dropping ICMP error message. Original UDP from
66.135.139.30:2242 to 24.168.19.7:3123 192.168.1.2 66.135.139.30 3/ICMP  
2003-06-09 21:54:20 Dropping ICMP error message. Original UDP from
199.106.234.18:4866 to 24.168.19.7:2090 192.168.1.2 199.106.234.18 3/ICMP  
2003-06-09 21:35:58 Dropping ICMP error message. Original UDP from
66.135.139.30:2242 to 24.168.19.7:3123 192.168.1.2 66.135.139.30 3/ICMP  
2003-06-09 20:39:37 Dropping ICMP error message. Original UDP from
24.78.208.95:2795 to 24.168.19.7:3123 192.168.1.2 24.78.208.95 3/ICMP  
2003-06-09 20:05:11 Dropping ICMP error message. Original UDP from
66.135.139.30:2242 to 24.168.19.7:3123 192.168.1.2 66.135.139.30 3/ICMP  
2003-06-09 19:33:02 Dropping ICMP error message. Original UDP from
217.228.116.27:1737 to 24.168.19.7:3123 192.168.1.2 217.228.116.27 3/ICMP  
2003-06-09 19:18:15 Dropping ICMP error message. Original UDP from
213.112.153.72:1782 to 24.168.19.7:3123 192.168.1.2 213.112.153.72 3/ICMP  
2003-06-09 19:08:38 Dropping ICMP error message. Original UDP from
213.112.153.72:1782 to 24.168.19.7:3123 192.168.1.2 213.112.153.72 3/ICMP  
2003-06-09 18:45:35 Dropping ICMP error message. Original UDP from
213.112.153.72:1782 to 24.168.19.7:3123 192.168.1.2 213.112.153.72 3/ICMP  
2003-06-09 18:26:34 Dropping ICMP error message. Original UDP from
66.25.251.10:2028 to 24.168.19.7:3123 192.168.1.2 66.25.251.10 3/ICMP  
2003-06-09 18:05:57 Dropping ICMP error message. Original UDP from
213.112.153.72:1782 to 24.168.19.7:3123 192.168.1.2 213.112.153.72 3/ICMP  
2003-06-09 17:45:31 Dropping ICMP error message. Original UDP from
131.111.235.164:2890 to 24.168.19.7:3123 192.168.1.2 131.111.235.164 3/ICMP

2003-06-09 17:20:31 Dropping ICMP error message. Original UDP from
24.45.81.142:3929 to 24.168.19.7:3123 192.168.1.2 24.45.81.142 3/ICMP  
2003-06-09 16:41:31 Match Web Filter Policy, dropping packet
192.168.1.103:1093 199.106.234.158:80 HTTP  
2003-06-09 16:40:07 Dropping ICMP error message. Original UDP from
195.162.212.99:2308 to 24.168.19.7:3123 192.168.1.2 195.162.212.99 3/ICMP  
2003-06-09 16:24:01 Dropping ICMP error message. Original UDP from
195.162.212.99:2308 to 24.168.19.7:3123 192.168.1.2 195.162.212.99 3/ICMP  
2003-06-09 16:01:48 Dropping ICMP error message. Original UDP from
66.25.251.10:2028 to 24.168.19.7:3123 192.168.1.2 66.25.251.10 3/ICMP  
2003-06-09 15:38:06 Dropping ICMP error message. Original UDP from
81.226.118.178:2991 to 24.168.19.7:3123 192.168.1.2 81.226.118.178 3/ICMP  
2003-06-09 15:20:31 Dropping ICMP error message. Original UDP from
66.25.251.10:2028 to 24.168.19.7:3123 192.168.1.2 66.25.251.10 3/ICMP  
2003-06-09 15:10:00 Dropping ICMP error message. Original UDP from
195.162.211.52:1214 to 24.168.19.7:3123 192.168.1.2 195.162.211.52 3/ICMP  
2003-06-09 14:40:04 Dropping ICMP error message. Original UDP from
66.31.120.160:3533 to 24.168.19.7:3123 192.168.1.2 66.31.120.160 3/ICMP  
2003-06-09 14:04:53 Dropping ICMP error message. Original UDP from
66.25.251.10:2028 to 24.168.19.7:3123 192.168.1.2 66.25.251.10 3/ICMP  
2003-06-09 13:38:29 Dropping ICMP error message. Original UDP from
195.162.211.52:1214 to 24.168.19.7:3123 192.168.1.2 195.162.211.52 3/ICMP  
2003-06-09 13:08:54 Dropping ICMP error message. Original UDP from
195.162.211.52:1214 to 24.168.19.7:3123 192.168.1.2 195.162.211.52 3/ICMP  
2003-06-09 13:01:32 Match Web Filter Policy, dropping packet
192.168.1.100:1055 66.35.210.47:80 HTTP  
2003-06-09 12:57:08 Dropping ICMP error message. Original UDP from
66.25.251.10:2028 to 24.168.19.7:3123 192.168.1.2 66.25.251.10 3/ICMP  
2003-06-09 12:42:27 Dropping ICMP error message. Original UDP from
66.25.251.10:2028 to 24.168.19.7:3123 192.168.1.2 66.25.251.10 3/ICMP  
2003-06-09 12:15:37 Dropping ICMP error message. Original UDP from
195.162.211.52:1214 to 24.168.19.7:3123 192.168.1.2 195.162.211.52 3/ICMP  
2003-06-09 11:40:05 Dropping ICMP error message. Original UDP from
66.57.144.117:2660 to 24.168.19.7:3123 192.168.1.2 66.57.144.117 3/ICMP  
2003-06-09 11:28:44 Dropping ICMP error message. Original UDP from
66.57.144.117:2660 to 24.168.19.7:3123 192.168.1.2 66.57.144.117 3/ICMP  
2003-06-09 10:45:36 Dropping ICMP error message. Original UDP from
66.31.242.222:1580 to 24.168.19.7:3123 192.168.1.2 66.31.242.222 3/ICMP  
2003-06-09 10:15:39 Dropping ICMP error message. Original UDP from
63.229.176.61:15487 to 24.168.19.7:1027 192.168.1.2 63.229.176.61 3/ICMP  
2003-06-09 09:44:06 Match Web Filter Policy, dropping packet
192.168.1.102:3365 207.46.189.15:80 HTTP  
2003-06-09 09:43:14 Dropping ICMP error message. Original UDP from
68.1.74.158:2745 to 24.168.19.7:3123 192.168.1.2 68.1.74.158 3/ICMP  
2003-06-09 09:31:21 Dropping ICMP error message. Original UDP from
68.1.74.158:2745 to 24.168.19.7:3123 192.168.1.2 68.1.74.158 3/ICMP  
2003-06-09 09:13:09 Dropping ICMP error message. Original UDP from
68.1.74.158:2745 to 24.168.19.7:3123 192.168.1.2 68.1.74.158 3/ICMP  
2003-06-09 08:59:15 Dropping ICMP error message. Original UDP from
81.96.101.254:1214 to 24.168.19.7:3123 192.168.1.2 81.96.101.254 3/ICMP  

-----Original Message-----
From: Roger A. Grimes [mailto:rogerg () cox net] 
Sent: Monday, June 09, 2003 8:27 PM
To: Dominick.S
Subject: RE: Whats happening on port 3123 


Take a sniff and give us details.

-----Original Message-----
From: Dominick.S [mailto:dsardina () si rr com]
Sent: Saturday, June 07, 2003 5:23 PM
To: security-basics () securityfocus com
Subject: Whats happening on port 3123


Hey:

Been getting lots of probs on port 3123, new attack patterns? Anyone else
getting hit?

Was just wondering if anyone can shine some light on this.

Thnx-

