Security Incidents mailing list archives
Re: stealth scans on old legacy firewalls.
From: lim () VIPE TECHNION AC IL (Leonid Igolnik - LiM)
Date: Sat, 5 Feb 2000 18:39:17 +0200
|Feb 04 04:58:58.892 bertha kernel[0]: 226 IP packet dropped |(gnet44.szptt.net.cn[202.96.191.44]->bertha[xxx.xxx.xxx.xxx]: |Protocol=TCP[SYN] Port 2225->3128): Restricted Port: Protocol=TCP[SYN] Port |2225->3128 (received on interface xxx.xxx.xxx.xxx) | |^^^^^^ Dont know what they are looking for on port 3128. 3128 is default port for many proxys, squid is one example. Leonid Igolnik aka LiM
Current thread:
- stealth scans on old legacy firewalls. Larry W. Cashdollar (Feb 04)
- Re: stealth scans on old legacy firewalls. Leonid Igolnik - LiM (Feb 05)
- Re: stealth scans on old legacy firewalls. SecOrg (Feb 05)
- Named "Response from unexpected source" Alexandru Popa (Feb 07)
- Re: Named "Response from unexpected source" Erik Fichtner (Feb 07)
- Re: Named "Response from unexpected source" Greg Woods (Feb 08)
- echo requests, 1480 bytes thomas lakofski (Feb 08)