Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Fw: sharp increase on 27347/TCP

From: Eric Bowser <ebowser () i-trap net>
Date: Wed, 29 Oct 2003 09:13:56 -0500
The IDS sensors I have outside the firewall only detected SYN packets
since the ports were blocked by the firewall.

On Wed, 2003-10-29 at 00:28, SPAM wrote:

Same here.. but now it's dropping as fast as it raises.. did anyone manage
to capture what's inside?


----- Original Message ----- 
From: "Eric Bowser" <ebowser () i-trap net>
To: <full-disclosure () lists netsys com>
Sent: Wednesday, October 29, 2003 4:51 AM
Subject: Re: [Full-disclosure] sharp increase on 27347/TCP



That's what I thought at first, but why the sudden interest in 27374
then?  Also, incidents.org is showing 200+ sources... that a whole
state's worth of dyslexic people...

Incidents.org is now showing 1.1 million hits today alone.  Something
big just came out, but I can't figure out what...


On Tue, 2003-10-28 at 16:09, Will Image wrote:

oh no its a dyslexic pereson scannin for Sub7!!! (27374)

bah

Joshua Levitsky <jlevitsk () joshie com> wrote:
        http://isc.incidents.org/port_details.html?port=27347

        I'd say probably something is coming... that's a pretty sharp
        spike on the
        graph.

        -Josh

        --
        Joshua Levitsky, MCSE, CISSP
        System Engineer
        Time Inc. Information Technology
        [5957 F27C 9C71 E9A7 274A 0447 C9B9 75A4 9B41 D4D1]

        ----- Original Message ----- 
        From: "Eric Bowser"
        To:
        Sent: Tuesday, October 28, 2003 12:44 PM
        Subject: [Full-disclosure] sharp increase on 27347/TCP


        > I've noticed a sharp increase in probes of port 27347/TCP
        against our
        > equipment over the past couple of days. Zero hits for weeks,
        58
        > yesterday, and 224 so far today. Incidents.org seems to
        confirm this,
        > very light activity for weeks, and suddenly 781,000
        yesterday and
        > 938,000 so far today.
        >
        &! gt; Has anybody else seen this?
        >
        > -- 
        > Eric J. Bowser
        > 330.658.9858 direct
        > 330.658.0123 fax
        >
        > i-TRAP Internet Security Services
        > 888-658-TRAP toll-free
        > 330.658.1040 local
        > www.i-trap.net
        >
        > _______________________________________________
        > Full-Disclosure - We believe in it.
        > Charter:
        http://lists.netsys.com/full-disclosure-charter.html
        >

        _______________________________________________
        Full-Disclosure - We believe in it.
        Charter: http://lists.netsys.com/full-disclosure-charter.html

______________________________________________________________________
Do you Yahoo!?
Exclusive Video Premiere - Britney Spears

-- 
Eric J. Bowser
330.658.9858 direct
330.658.0123 fax

i-TRAP Internet Security Services
888-658-TRAP toll-free
330.658.1040 local
www.i-trap.net

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html





_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

-- 
Eric J. Bowser 
330.658.9858 direct 
330.658.0123 fax 

i-TRAP Internet Security Services 
888-658-TRAP toll-free 
330.658.1040 local 
www.i-trap.net

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Previous By Date Next
Previous By Thread Next

Current thread: