Security Incidents mailing list archives

Re: stealth scans on old legacy firewalls.


From: lim () VIPE TECHNION AC IL (Leonid Igolnik - LiM)
Date: Sat, 5 Feb 2000 18:39:17 +0200


|Feb 04 04:58:58.892 bertha kernel[0]: 226 IP  packet dropped
|(gnet44.szptt.net.cn[202.96.191.44]->bertha[xxx.xxx.xxx.xxx]:
|Protocol=TCP[SYN] Port 2225->3128): Restricted Port: Protocol=TCP[SYN] Port
|2225->3128 (received on interface xxx.xxx.xxx.xxx)
|
|^^^^^^ Don't know what they are looking for on port 3128.
3128 is the default port for many proxies; Squid is one example.

Leonid Igolnik aka LiM

