Firewall Wizards mailing list archives

Re: repetitive port scanning, why?


From: Siglite <siglite () criticalstop com>
Date: Wed, 4 Aug 1999 22:21:55 -0400 (EDT)

Both the old "strobe" and the new nmap proggies are pretty quick.  Using
strobe I could generally scan ten thousand ports in about two minutes from
a fast machine with a fast connection.

/*-----------------------------------*/
/* I live with FEAR every day.       */
/* But, sometimes, she lets me RACE. */
/*-----------------------------------*/

KT Morgan
Network Engineer
Checkpoint Firewall-1 CCSA/CCSE
Microsoft MCP
Software Systems Group, Inc

On Tue, 3 Aug 1999, Fred Kreitzberg wrote:

Our web store underwent a heavy port scan yesterday.  It was unusual in both the number of scans, the port scanning 
pattern and the fact they scanned each port 6 times.  They were fast too, 8600 scans in less than 2 minutes.  Is this 
a new product/technique?

Aug 2 17 43 40 Inbound TCP connection denied from 129.121.2.4 2301 to 206.81.220.22 2011 flags SYN
Aug 2 17 43 40 Inbound TCP connection denied from 129.121.2.4 2302 to 206.81.220.22 655 flags SYN
Aug 2 17 43 40 Inbound TCP connection denied from 129.121.2.4 2303 to 206.81.220.22 273 flags SYN
Aug 2 17 43 40 Inbound TCP connection denied from 129.121.2.4 2304 to 206.81.220.22 4144 flags SYN
Aug 2 17 43 40 Inbound TCP connection denied from 129.121.2.4 2305 to 206.81.220.22 1480 flags SYN
Aug 2 17 43 40 Inbound TCP connection denied from 129.121.2.4 2306 to 206.81.220.22 747 flags SYN
Aug 2 17 43 40 Inbound TCP connection denied from 129.121.2.4 2307 to 206.81.220.22 36 flags SYN
Aug 2 17 43 40 Inbound TCP connection denied from 129.121.2.4 2308 to 206.81.220.22 316 flags SYN
Aug 2 17 43 40 Inbound TCP connection denied from 129.121.2.4 2309 to 206.81.220.22 600 flags SYN
Aug 2 17 43 40 Inbound TCP connection denied from 129.121.2.4 2310 to 206.81.220.22 159 flags SYN
Aug 2 17 43 40 Inbound TCP connection denied from 129.121.2.4 2311 to 206.81.220.22 530 flags SYN
Aug 2 17 43 40 Inbound TCP connection denied from 129.121.2.4 2312 to 206.81.220.22 2011 flags SYN
Aug 2 17 43 40 Inbound TCP connection denied from 129.121.2.4 2313 to 206.81.220.22 655 flags SYN
Aug 2 17 43 40 Inbound TCP connection denied from 129.121.2.4 2314 to 206.81.220.22 273 flags SYN
Aug 2 17 43 40 Inbound TCP connection denied from 129.121.2.4 2315 to 206.81.220.22 4144 flags SYN
Aug 2 17 43 40 Inbound TCP connection denied from 129.121.2.4 2316 to 206.81.220.22 1480 flags SYN
Aug 2 17 43 40 Inbound TCP connection denied from 129.121.2.4 2317 to 206.81.220.22 747 flags SYN
Aug 2 17 43 40 Inbound TCP connection denied from 129.121.2.4 2318 to 206.81.220.22 36 flags SYN
Aug 2 17 43 40 Inbound TCP connection denied from 129.121.2.4 2319 to 206.81.220.22 316 flags SYN
Aug 2 17 43 40 Inbound TCP connection denied from 129.121.2.4 2320 to 206.81.220.22 600 flags SYN
Aug 2 17 43 40 Inbound TCP connection denied from 129.121.2.4 2321 to 206.81.220.22 159 flags SYN
Aug 2 17 43 40 Inbound TCP connection denied from 129.121.2.4 2322 to 206.81.220.22 530 flags SYN
Aug 2 17 43 40 Inbound TCP connection denied from 129.121.2.4 2323 to 206.81.220.22 2011 flags SYN
Aug 2 17 43 40 Inbound TCP connection denied from 129.121.2.4 2324 to 206.81.220.22 655 flags SYN
Aug 2 17 43 40 Inbound TCP connection denied from 129.121.2.4 2325 to 206.81.220.22 273 flags SYN
Aug 2 17 43 40 Inbound TCP connection denied from 129.121.2.4 2326 to 206.81.220.22 4144 flags SYN
Aug 2 17 43 40 Inbound TCP connection denied from 129.121.2.4 2327 to 206.81.220.22 1480 flags SYN
Aug 2 17 43 40 Inbound TCP connection denied from 129.121.2.4 2328 to 206.81.220.22 747 flags SYN
Aug 2 17 43 40 Inbound TCP connection denied from 129.121.2.4 2329 to 206.81.220.22 36 flags SYN
Aug 2 17 43 40 Inbound TCP connection denied from 129.121.2.4 2330 to 206.81.220.22 316 flags SYN
Aug 2 17 43 40 Inbound TCP connection denied from 129.121.2.4 2331 to 206.81.220.22 600 flags SYN
Aug 2 17 43 40 Inbound TCP connection denied from 129.121.2.4 2332 to 206.81.220.22 159 flags SYN
Aug 2 17 43 40 Inbound TCP connection denied from 129.121.2.4 2333 to 206.81.220.22 530 flags SYN
Aug 2 17 43 40 Inbound TCP connection denied from 129.121.2.4 2334 to 206.81.220.22 10005 flags SYN
Aug 2 17 43 40 Inbound TCP connection denied from 129.121.2.4 2335 to 206.81.220.22 201 flags SYN
Aug 2 17 43 40 Inbound TCP connection denied from 129.121.2.4 2336 to 206.81.220.22 2032 flags SYN
Aug 2 17 43 40 Inbound TCP connection denied from 129.121.2.4 2337 to 206.81.220.22 832 flags SYN
Aug 2 17 43 40 Inbound TCP connection denied from 129.121.2.4 2338 to 206.81.220.22 2004 flags SYN
Aug 2 17 43 40 Inbound TCP connection denied from 129.121.2.4 2339 to 206.81.220.22 504 flags SYN
Aug 2 17 43 40 Inbound TCP connection denied from 129.121.2.4 2340 to 206.81.220.22 1381 flags SYN
Aug 2 17 43 40 Inbound TCP connection denied from 129.121.2.4 2341 to 206.81.220.22 1448 flags SYN
Aug 2 17 43 40 Inbound TCP connection denied from 129.121.2.4 2342 to 206.81.220.22 355 flags SYN

Fredrick W. Kreitzberg...............................................Data Security
Recreational Equipment Inc. (REI)........................email:fkreitz () rei com
Box 1938.....................................................phone: 253.395.5881
Sumner, WA 98390-0800.....................................FAX: 253.395.4720
"Quality Outdoor Gear and Clothing Since 1938"..........http://www.rei.com
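
One way to summarize a deny log in the format quoted above, added here as an example and not part of either post: it groups denied SYNs by source and destination, counts how often each destination port was retried, and checks whether the source ports climb by one per probe. The addresses in the sample are constructed from documentation ranges, and the `min_ports` threshold is a hypothetical value.

```python
import re
from collections import Counter, defaultdict

# Deny-log format as quoted in the post (its time fields are space-separated).
LINE_RE = re.compile(
    r"^\w{3} +\d+ \d+ \d+ \d+ Inbound TCP connection denied from "
    r"(?P<src>\S+) (?P<sport>\d+) to (?P<dst>\S+) (?P<dport>\d+) flags (?P<flags>\S+)$"
)

def summarize(lines):
    """Group denied SYNs by (source, destination) and describe the probe pattern."""
    probes = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m and m["flags"] == "SYN":
            probes[(m["src"], m["dst"])].append((int(m["sport"]), int(m["dport"])))
    report = {}
    for pair, hits in probes.items():
        per_port = Counter(dport for _, dport in hits)
        sports = [sport for sport, _ in hits]
        report[pair] = {
            "probes": len(hits),
            "distinct_ports": len(per_port),
            # How often each destination port was retried (the post reports 6).
            "repeats": sorted(set(per_port.values())),
            # Source ports rising by one per probe: one process opening
            # sockets back to back rather than several independent clients.
            "sequential_sports": len(sports) > 1
            and all(b - a == 1 for a, b in zip(sports, sports[1:])),
        }
    return report

def scanners(report, min_ports=3):
    """Sources that hit at least min_ports distinct ports (hypothetical threshold)."""
    return sorted({src for (src, _), r in report.items() if r["distinct_ports"] >= min_ports})

# Constructed sample: three ports probed twice each, plus one unrelated denial.
PORTS = [2011, 655, 273]
SAMPLE = [
    f"Aug 2 17 43 40 Inbound TCP connection denied from 192.0.2.10 {2301 + i} "
    f"to 198.51.100.22 {PORTS[i % 3]} flags SYN"
    for i in range(6)
] + ["Aug 2 17 43 41 Inbound TCP connection denied from 192.0.2.77 40000 "
     "to 198.51.100.22 25 flags SYN"]

if __name__ == "__main__":
    for pair, r in summarize(SAMPLE).items():
        print(pair, r)
    print("scanners:", scanners(summarize(SAMPLE)))
```

A uniform repeat count across many ports together with sequential source ports points to one tool cycling through a fixed port list, which is the pattern the original question describes.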



