Firewall Wizards mailing list archives

RE: Traffic identification


From: "Brian A Kee" <bkee () lurhq com>
Date: Thu, 19 Dec 2002 02:48:37 -0500

You can try this nifty port lookup tool:
http://www.treachery.net/security_tools/ports/

This resembles a port scan.

Notice the source ports are fairly repetitive. Under most normal
circumstances the source port numbers would not be so repetitive. I would
definitely take a closer look at the host sending this traffic.

I have no info on the hosts.


BAK

-----Original Message-----
From: firewall-wizards-admin () honor icsalabs com
[mailto:firewall-wizards-admin () honor icsalabs com]On Behalf Of W.C.
Epperson
Sent: Wednesday, December 18, 2002 12:16 PM
To: firewall-wizards () honor icsalabs com
Subject: [fw-wiz] Traffic identification


This is a dial-up user on my network trying to get to something I can't
identify at an address I can't find out much about. Does anyone recognize
the traffic? Or have suggestions on researching this sort of thing? My old
ways of searching on port number, etc., turn up so much noise I can't sift
through it.

Dec 18 08:23:56 denied udp 141.104.10.222(9370) -> 207.114.130.6(375)
Dec 18 08:24:56 denied udp 141.104.10.222(9370) -> 207.114.130.7(373)
Dec 18 08:25:56 denied udp 141.104.10.222(9370) -> 207.114.130.7(371)
Dec 18 08:26:03 denied tcp 141.104.10.222(3030) -> 207.114.130.7(483)
Dec 18 08:26:56 denied udp 141.104.10.222(9370) -> 207.114.130.7(376)
Dec 18 08:27:10 denied tcp 141.104.10.222(3033) -> 207.114.130.7(481)
Dec 18 08:28:03 denied udp 141.104.10.222(9370) -> 207.114.130.7(370)
Dec 18 08:29:03 denied udp 141.104.10.222(9370) -> 207.114.130.7(372)
Dec 18 08:29:56 denied udp 141.104.10.222(9370) -> 207.114.130.7(373)
Dec 18 08:30:15 denied tcp 141.104.10.222(3044) -> 207.114.130.7(482)
Dec 18 08:31:56 denied udp 141.104.10.222(9370) -> 207.114.130.7(376)
Dec 18 08:32:03 denied udp 141.104.10.222(9370) -> 207.114.130.7(375)
Dec 18 08:32:56 denied tcp 141.104.10.222(3033) -> 207.114.130.7(481)
Dec 18 08:33:16 denied tcp 141.104.10.222(3052) -> 207.114.130.6(485)
Dec 18 08:33:46 denied tcp 141.104.10.222(3053) -> 207.114.130.7(485)
Dec 18 08:33:56 denied tcp 141.104.10.222(3036) -> 207.114.130.7(486)
Dec 18 08:34:02 denied udp 141.104.10.222(9370) -> 207.114.130.6(370)
Dec 18 08:34:56 denied udp 141.104.10.222(9370) -> 207.114.130.6(375)
Dec 18 08:35:09 denied tcp 141.104.10.222(3054) -> 207.114.130.7(480)
Dec 18 08:35:39 denied tcp 141.104.10.222(3055) -> 207.114.130.6(480)
Dec 18 08:35:56 denied tcp 141.104.10.222(3044) -> 207.114.130.7(482)
Dec 18 08:37:56 denied udp 141.104.10.222(9370) -> 207.114.130.7(375)
Dec 18 08:38:56 denied tcp 141.104.10.222(3052) -> 207.114.130.6(485)
Dec 18 08:39:56 denied udp 141.104.10.222(9370) -> 207.114.130.6(370)
Dec 18 08:40:56 denied tcp 141.104.10.222(3055) -> 207.114.130.6(480)


_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
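
Added example (not part of either poster's message): a short Python script that parses the denied-traffic log format quoted above and groups entries by source IP, protocol and source port, which makes the source-port reuse noted in the reply visible. The regular expression, the function names and the min_targets threshold are assumptions of this example; the sample lines are copied from the quoted log.

```python
import re
from collections import defaultdict

# Excerpt of the denied-traffic log quoted in the message above.
LOG = """\
Dec 18 08:23:56 denied udp 141.104.10.222(9370) -> 207.114.130.6(375)
Dec 18 08:24:56 denied udp 141.104.10.222(9370) -> 207.114.130.7(373)
Dec 18 08:25:56 denied udp 141.104.10.222(9370) -> 207.114.130.7(371)
Dec 18 08:26:03 denied tcp 141.104.10.222(3030) -> 207.114.130.7(483)
Dec 18 08:26:56 denied udp 141.104.10.222(9370) -> 207.114.130.7(376)
Dec 18 08:27:10 denied tcp 141.104.10.222(3033) -> 207.114.130.7(481)
Dec 18 08:28:03 denied udp 141.104.10.222(9370) -> 207.114.130.7(370)
Dec 18 08:29:03 denied udp 141.104.10.222(9370) -> 207.114.130.7(372)
Dec 18 08:32:56 denied tcp 141.104.10.222(3033) -> 207.114.130.7(481)
"""

# Assumed layout: "<date> <time> denied <proto> <src>(<sport>) -> <dst>(<dport>)"
LINE = re.compile(
    r"^\w{3} +\d+ [\d:]+ denied (tcp|udp) "
    r"([\d.]+)\((\d+)\) -> ([\d.]+)\((\d+)\)$"
)

def parse(log):
    """Yield (proto, src_ip, src_port, dst_ip, dst_port) for each matching line."""
    for line in log.splitlines():
        m = LINE.match(line.strip())
        if m:
            proto, sip, sport, dip, dport = m.groups()
            yield proto, sip, int(sport), dip, int(dport)

def source_port_reuse(log):
    """Map (src_ip, proto, src_port) to its sorted distinct (dst_ip, dst_port) pairs."""
    seen = defaultdict(set)
    for proto, sip, sport, dip, dport in parse(log):
        seen[(sip, proto, sport)].add((dip, dport))
    return {key: sorted(targets) for key, targets in seen.items()}

def flag_reused(log, min_targets=3):
    """Keep source sockets that hit at least min_targets distinct destinations."""
    reuse = source_port_reuse(log)
    return {k: v for k, v in reuse.items() if len(v) >= min_targets}

if __name__ == "__main__":
    for (sip, proto, sport), targets in flag_reused(LOG).items():
        print(f"{sip} {proto}/{sport} reused against {len(targets)} targets:")
        for dip, dport in targets:
            print(f"    {dip}:{dport}")
```

A TCP source port that repeats against the same destination and port, as 3033 does here, yields a single target and is not flagged; the UDP source port 9370 is flagged because it is reused across many destination ports.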
