Security Incidents mailing list archives
Re: ics.org rejected packets
From: Jeff <jeff () TCNET ORG>
Date: Sat, 30 Dec 2000 16:43:15 -0500
On Sat, 30 Dec 2000, Attonbitus Deus wrote:
I've got about 20 minutes worth of rejected packets in my log from ics.org (12.40.53.18). All against 51700-51705.
Greetings- I'll assume you speak of a tcp and/or udp port range here. ICQ-related. I know of nothing that links ics.org with ICQ/AOL, so it is likely someone using ICQ to communicate with someone using ICQ on your network. ICQ clients try to communicate peer-to-peer via UDP, TCP for file transfers and later versions of the protocol. Failing that, they resort to using ICQ servers as a middleman. Innocent causes aside, someone could be trying to probe your network to determine if you have opened these ports for forwarding into the internal network/past the screening routers to allow internal clients to use ICQ. I don't recall the state of common ICQ clients in terms of known exploits -- other than those purely social in nature. Further investigation at your discretion. -jeff -- Jeff Godin Network Specialist Traverse Area District Library / Traverse Community Network jeff () tcnet org
Current thread:
- ics.org rejected packets Attonbitus Deus (Dec 30)
- Re: ics.org rejected packets Jeff (Dec 30)
- Re: ics.org rejected packets Attonbitus Deus (Dec 31)
- Re: ics.org rejected packets Jeff (Dec 30)