Educause Security Discussion mailing list archives
Previous Thread on Increased Probes
From: Lois Lehman <LOIS.LEHMAN () ASU EDU>
Date: Fri, 23 Jul 2004 07:40:03 -0700
Sorry to bring this up again but a colleague at another university has asked me if anyone has seen a recent flood of attacks on their address space similar to what he experienced a couple of weeks ago. I remember there was some talk, maybe on this list, about seeing incoming packets from many sources with numbers near a thousand. But in cleaning out my Inbox after a vacation, I must have deleted that information.

Here is a sample of some of the traffic from one source found in his logs:

Jul 9 21:21:54 gateway 1305838: 2d14h: %SEC-6-IPACCESSLOGP: list 120 permitted tcp 68.100.46.121(41085) -> xxx.xxx.2.10(23), 1 packet
Jul 9 21:21:54 gateway 1305839: 2d14h: %SEC-6-IPACCESSLOGP: list 120 permitted tcp 68.100.46.121(41085) -> xxx.xxx.2.10(23), 1 packet
Jul 9 21:21:54 gateway 1305841: 2d14h: %SEC-6-IPACCESSLOGP: list 120 permitted tcp 68.100.46.121(41085) -> xxx.xxx.2.10(23), 1 packet
Jul 9 21:21:55 gateway 1305842: 2d14h: %SEC-6-IPACCESSLOGP: list 120 permitted tcp 68.100.46.121(41085) -> xxx.xxx.2.10(23), 1 packet
Jul 9 21:21:55 gateway 1305843: 2d14h: %SEC-6-IPACCESSLOGP: list 120 permitted tcp 68.100.46.121(41085) -> xxx.xxx.2.10(23), 2 packets
Jul 9 21:21:55 gateway 1305845: 2d14h: %SEC-6-IPACCESSLOGP: list 120 permitted tcp 68.100.46.121(41085) -> xxx.xxx.2.10(23), 1 packet
Jul 9 21:21:55 gateway 1305846: 2d14h: %SEC-6-IPACCESSLOGP: list 120 permitted tcp 68.100.46.121(41085) -> xxx.xxx.2.10(23), 1 packet
Jul 9 21:21:55 gateway 1305848: 2d14h: %SEC-6-IPACCESSLOGP: list 120 permitted tcp 68.100.46.121(41085) -> xxx.xxx.2.10(23), 1 packet
Jul 9 21:21:55 gateway 1305849: 2d14h: %SEC-6-IPACCESSLOGP: list 120 permitted tcp 68.100.46.121(41085) -> xxx.xxx.2.10(23), 2 packets
Jul 9 21:21:55 gateway 1305850: 2d14h: %SEC-6-IPACCESSLOGP: list 120 permitted tcp 68.100.46.121(41085) -> xxx.xxx.2.10(23), 1 packet
Jul 9 21:21:56 gateway 1305852: 2d14h: %SEC-6-IPACCESSLOGP: list 120 permitted tcp 68.100.46.121(41085) -> xxx.xxx.2.10(23), 1 packet
Jul 9 21:21:56 gateway 1305853: 2d14h: %SEC-6-IPACCESSLOGP: list 120 permitted tcp 68.100.46.121(41085) -> xxx.xxx.2.10(23), 1 packet
Jul 9 21:21:56 gateway 1305856: 2d14h: %SEC-6-IPACCESSLOGP: list 120 permitted tcp 68.100.46.121(41085) -> xxx.xxx.2.10(23), 2 packets

Is this what others were seeing, an attack on port 23? Has anyone determined the purpose of this flood?

Thanks!

Lois Lehman
College Network Security Manager
Physical Sciences Computer Support Manager
College of Liberal Arts & Sciences
Arizona State University
480-965-3139

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/.
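Added example, not part of the original message: one way to summarise access-list log lines in the format quoted above by destination port, counting packets, distinct sources and distinct flows, so a single connection logged packet by packet can be told apart from probes arriving from many sources. The function names are assumptions; the sample lines are copied from the message.

```python
import re
from collections import Counter

# Matches the %SEC-6-IPACCESSLOGP lines quoted in the message.
# [\w.]+ is used for addresses so the redacted "xxx.xxx.2.10" still parses.
LINE_RE = re.compile(
    r"%SEC-6-IPACCESSLOGP: list (?P<acl>\S+) (?P<action>permitted|denied) "
    r"(?P<proto>\w+) (?P<src>[\w.]+)\((?P<sport>\d+)\) -> "
    r"(?P<dst>[\w.]+)\((?P<dport>\d+)\), (?P<count>\d+) packets?"
)

# Three of the lines from the message, used as offline sample input.
SAMPLE = """\
Jul 9 21:21:54 gateway 1305838: 2d14h: %SEC-6-IPACCESSLOGP: list 120 permitted tcp 68.100.46.121(41085) -> xxx.xxx.2.10(23), 1 packet
Jul 9 21:21:55 gateway 1305843: 2d14h: %SEC-6-IPACCESSLOGP: list 120 permitted tcp 68.100.46.121(41085) -> xxx.xxx.2.10(23), 2 packets
Jul 9 21:21:56 gateway 1305856: 2d14h: %SEC-6-IPACCESSLOGP: list 120 permitted tcp 68.100.46.121(41085) -> xxx.xxx.2.10(23), 2 packets
"""

def parse_line(line):
    """Return a dict of fields for one log line, or None if it does not match."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    for key in ("sport", "dport", "count"):
        rec[key] = int(rec[key])
    return rec

def summarize(lines):
    """Map (action, proto, dport) -> (packets, distinct sources, distinct flows)."""
    packets, sources, flows = Counter(), {}, {}
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # skip unrelated syslog lines
        key = (rec["action"], rec["proto"], rec["dport"])
        packets[key] += rec["count"]
        sources.setdefault(key, set()).add(rec["src"])
        # Same source address, source port and destination = one flow.
        flows.setdefault(key, set()).add((rec["src"], rec["sport"], rec["dst"]))
    return {k: (packets[k], len(sources[k]), len(flows[k])) for k in packets}

if __name__ == "__main__":
    for (action, proto, dport), (pkts, nsrc, nflow) in sorted(summarize(SAMPLE.splitlines()).items()):
        print(f"{action} {proto}/{dport}: {pkts} packets, {nsrc} sources, {nflow} flows")
```

On the sample lines every entry shares one source address and source port, so the summary reports one source and one flow to port 23.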