Security Incidents mailing list archives
Re: Linuxconf scanning
From: James Hoagland <hoagland () SILICONDEFENSE COM>
Date: Tue, 8 Aug 2000 11:52:25 -0700
We saw a scan like that too from the same host (211.169.82.130) at 05:54 PDT on Aug 5th. APNIC was having connection problems yesterday but I managed to get through to find out it was a Korean address and got b0048228 () users bora net as the contact adress from KRNIC. The IP seems to be part of BORANET in Kyongnam, Korea. I also e-mailed abuse () bora net. I haven't gotten any replies but haven't gotten any bounces either. Hope this helps, Jim At 11:09 AM -0700 8/7/00, Ian Eure wrote:
saw some linuxconf scanning this weekend... -- snip -- Aug 5 15:29:33 spindle kernel: Packet log: ltraf REJECT eth0 PROTO=6 211.169.82.130:4450 aaa.bbb.ccc.ddd:98 L=60 S=0x00 I=16301 F=0x4000 T=43 SYN (#11) Aug 5 15:29:33 spindle kernel: Packet log: ltraf REJECT eth0 PROTO=6 211.169.82.130:4450 aaa.bbb.ccc.ddd:98 L=60 S=0x00 I=16301 F=0x4000 T=43 SYN (#11) -- snip -- $ grep 98\/tcp /etc/services linuxconf 98/tcp # LinuxConf $ a quick whois shows the 210/8 & 211/8 subnets as delegated to the asia-pacific region. queries to whois.apnic.net were butt-slow and didn't respond. did anyone else see this over the weekend? -- ______________________________________________ | "the whole scale of cosmic dimensions are falling from my mouth | in the description of a kiss of the interimlovers" | - einsturzende neubaten, "interim"
-- |* Jim Hoagland, Associate Researcher, Silicon Defense *| |* hoagland () SiliconDefense com *| |* Voice: (707) 445-4355 x13 Fax: (707) 826-7571 *|
Current thread:
- Linuxconf scanning Ian Eure (Aug 08)
- Re: Linuxconf scanning jeff keith (Aug 09)
- Re: Linuxconf scanning James Hoagland (Aug 09)
- Re: Linuxconf scanning Dan Hollis (Aug 10)
- <Possible follow-ups>
- Re: Linuxconf scanning Frank Dauer (Aug 09)
- Re: Linuxconf scanning Brian Sommers (Aug 13)
- Re: Linuxconf scanning Jim Roland (Aug 14)
- Re: Linuxconf scanning Granquist, Lamont (Aug 22)
- Re: Linuxconf scanning Jim Roland (Aug 14)
- Re: Linuxconf scanning Granquist, Lamont (Aug 24)
- Re: Linuxconf scanning Jon Lewis (Aug 24)
- Re: Linuxconf scanning St. Arnaud, Jon (Aug 25)