Full Disclosure mailing list archives
Massive Attacks from mistral.cz
From: "Helmut Hauser" <helmut_hauser () hotmail com>
Date: Tue, 23 Dec 2003 17:08:37 +0100
Hi List, we got massive attacks from several mistral.cz hosts. Attacks were blocked but interesting thing is the port-range between 1000-2000. Any new trojan/worm out ? Number: 63791 Date: 22Dec2003 Time: 15:48:14 Type: Log Service: 1740 Source: r2aa191.mistral.cz (62.245.90.191) Protocol: tcp Source Port: 2732 Information: TCP packet out of state: First packet isn't SYN tcp_flags: RST-ACK Number: 63801 Date: 22Dec2003 Time: 15:49:09 Type: Log Service: 1752 Source: h240.brno.mistral.cz (62.245.103.240) Protocol: tcp Source Port: 2680 Information: TCP packet out of state: First packet isn't SYN tcp_flags: RST-ACK Number: 75161 Date: 23Dec2003 Time: 16:52:22 Type: Log Action: Drop Service: 1841 Source: r2d216.mistral.cz (62.245.67.216) Protocol: tcp Source Port: Remote_Storm (1025) Information: TCP packet out of state: First packet isn't SYN tcp_flags: RST-ACK Merry X-Mass Helmut Hauser Systemadministration EDV _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Massive Attacks from mistral.cz Helmut Hauser (Dec 23)