Security Incidents mailing list archives

Re: Assistance regarding network scans


From: Bill Pennington <billp () ROCKETCASH COM>
Date: Mon, 7 Aug 2000 13:53:03 -0700

My guess would be that gw-sjo1.sc.philips.com is a router and someone
has fudged the IP address of the network management station so that it
is sending SNMP traps to your server(s). I would attempt to contact them
and let them know. You could also sniff those packets and figure out
what is wrong with the router :-).

My gut tells me that it is a simple misconfiguration.

Steve Lum wrote:

hello all,

        For the last couple of days, a specific host (63.194.140.131) has been
scanning my IP addresses on my network. They seem to be trying to connect to
port 162. The computers they are trying to connect to seem to be focused on
two computers. One NT Server and a Solaris workstation. I've attached a
small part of my log file to the bottom so you can see more clearly what's
going on. The remote host is gw-sjo1.sc.philips.com
Has anyone seen this sort of behavior before? And I'm not sure what is the
next action to take regarding this situation.

08-06-2000      23:24:50        list 120 denied udp 63.194.140.131(691) -> 207.217.9.x(162), 1 packet
08-06-2000      23:25:51        list 120 denied udp 63.194.140.131(705) -> 207.217.9.x(162), 1 packet
08-06-2000      23:26:51        list 120 denied udp 63.194.140.131(717) -> 207.217.9.y(162), 1 packet
08-06-2000      23:27:52        list 120 denied udp 63.194.140.131(727) -> 207.217.9.x(162), 1 packet
08-06-2000      23:28:53        list 120 denied udp 63.194.140.131(739) -> 207.217.9.x(162), 1 packet
08-06-2000      23:29:54        list 120 denied udp 63.194.140.131(750) -> 207.217.9.x(162), 1 packet
08-06-2000      23:30:55        list 120 denied udp 63.194.140.131(761) -> 207.217.9.x(162), 1 packet
08-06-2000      23:31:55        list 120 denied udp 63.194.140.131(770) -> 207.217.9.x(162), 1 packet
08-06-2000      23:32:56        list 120 denied udp 63.194.140.131(786) -> 207.217.9.x(162), 1 packet
08-06-2000      23:33:57        list 120 denied udp 63.194.140.131(795) -> 207.217.9.x(162), 1 packet
08-06-2000      23:34:58        list 120 denied udp 63.194.140.131(806) -> 207.217.9.x(162), 1 packet
08-06-2000      23:35:58        list 120 denied udp 63.194.140.131(820) -> 207.217.9.x(162), 1 packet
08-06-2000      23:36:59        list 120 denied udp 63.194.140.131(834) -> 207.217.9.x(162), 1 packet
08-06-2000      23:38:00        list 120 denied udp 63.194.140.131(843) -> 207.217.9.x(162), 1 packet
08-06-2000      23:39:00        list 120 denied udp 63.194.140.131(854) -> 207.217.9.x(162), 1 packet
08-06-2000      23:40:01        list 120 denied udp 63.194.140.131(866) -> 207.217.9.x(162), 1 packet
08-06-2000      23:41:02        list 120 denied udp 63.194.140.131(880) -> 207.217.9.x(162), 1 packet
08-06-2000      23:42:03        list 120 denied udp 63.194.140.131(889) -> 207.217.9.x(162), 1 packet
08-06-2000      23:43:04        list 120 denied udp 63.194.140.131(898) -> 207.217.9.x(162), 1 packet

any help is greatly appreciated,

steve

--


Bill Pennington
Senior IT Manager
Rocketcash
billp () rocketcash com
http://www.rocketcash.com
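
An added example, not part of the original message or of either poster's tooling: a small parser for the denied-packet log format quoted in this thread that profiles each source by packet interval and target spread, to help separate a steady single-port sender from a port or address sweep. The function names, the month-day-year date reading and the thresholds (`max_jitter`, `max_targets`) are assumptions chosen for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# First five entries of the log quoted in the message above.
SAMPLE = """\
08-06-2000      23:24:50        list 120 denied udp 63.194.140.131(691) -> 207.217.9.x(162), 1 packet
08-06-2000      23:25:51        list 120 denied udp 63.194.140.131(705) -> 207.217.9.x(162), 1 packet
08-06-2000      23:26:51        list 120 denied udp 63.194.140.131(717) -> 207.217.9.y(162), 1 packet
08-06-2000      23:27:52        list 120 denied udp 63.194.140.131(727) -> 207.217.9.x(162), 1 packet
08-06-2000      23:28:53        list 120 denied udp 63.194.140.131(739) -> 207.217.9.x(162), 1 packet
"""

# \s+ also matches a newline, so entries wrapped by a mail client still parse.
ENTRY = re.compile(
    r"(\d\d-\d\d-\d{4})\s+(\d\d:\d\d:\d\d)\s+list\s+\d+\s+denied\s+(\w+)\s+"
    r"(\S+?)\((\d+)\)\s+->\s+(\S+?)\((\d+)\)")

def parse(text):
    """Yield (timestamp, proto, src, dst, dport) for each denied-packet entry."""
    for date, clock, proto, src, _sport, dst, dport in ENTRY.findall(text):
        # Assumption: dates are month-day-year.
        ts = datetime.strptime(f"{date} {clock}", "%m-%d-%Y %H:%M:%S")
        yield ts, proto, src, dst, int(dport)

def profile(text, max_jitter=0.10, max_targets=3):
    """Per source: interval regularity and target spread (thresholds are assumptions)."""
    by_src = defaultdict(list)
    for ts, _proto, src, dst, dport in parse(text):
        by_src[src].append((ts, dst, dport))
    report = {}
    for src, hits in by_src.items():
        hits.sort()
        gaps = [(b[0] - a[0]).total_seconds() for a, b in zip(hits, hits[1:])]
        dports = {h[2] for h in hits}
        dsts = {h[1] for h in hits}
        # Steady cadence: interval spread is small relative to the mean interval.
        steady = len(gaps) >= 3 and mean(gaps) > 0 and pstdev(gaps) <= max_jitter * mean(gaps)
        periodic = steady and len(dports) == 1 and len(dsts) <= max_targets
        report[src] = {"mean_gap": mean(gaps) if gaps else None, "dports": dports,
                       "dsts": dsts, "verdict": "periodic sender" if periodic else "review as scan"}
    return report

if __name__ == "__main__":
    for src, info in profile(SAMPLE).items():
        print(src, info)
```

A "periodic sender" verdict only says the traffic has a fixed cadence to one port and a handful of hosts; it does not identify the cause, so the captured payload still needs to be inspected.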

