Security Incidents mailing list archives
Re: Unusual scan pattern
From: kjh () CERT ORG (Kevin Houle)
Date: Thu, 20 Jan 2000 20:35:44 +0000
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Russell Fulton wrote:
HI folks, I have not seen this type of scan before so I am forwarding the argus logs for others to examine.
...
What interests me is the initial tcp data packets which look as if they have been crafted to go through firewalls (at least simple packet filter types) and the artifical source port numbers.
You might take a look at the following document: http://www.cert.org/incident_notes/IN-99-01.html The footprint made in your argus logs is quite like the footprint made by 'sscan'. Kevin -----BEGIN PGP SIGNATURE----- Version: PGP for Personal Privacy 5.0 Charset: noconv iQA/AwUBOIdxWVr9kb5qlZHQEQL49gCeK6NJES2grreFMJ98R6+WLmmqH0YAn2J8 FiucEqim1R2k+QET+acHNkwK =Rufw -----END PGP SIGNATURE-----
Current thread:
- Unusual scan pattern Russell Fulton (Jan 18)
- ANOTHER DNS MAC ADDRESS Change w/h Unix Log File Michael Vaughan (Jan 19)
- Re: ANOTHER DNS MAC ADDRESS Change w/h Unix Log File Cy Schubert - ITSD Open Systems Group (Jan 21)
- Re: ANOTHER DNS MAC ADDRESS Change w/h Unix Log File Ex Machina [xm] (Jan 21)
- Re: ANOTHER DNS MAC ADDRESS Change w/h Unix Log File CyberPsychotic (Jan 21)
- Re: ANOTHER DNS MAC ADDRESS Change w/h Unix Log File Dug Song (Jan 22)
- Re: Unusual scan pattern Granquist, Lamont (Jan 19)
- Slow scan Mixmaster (Jan 19)
- Re: Unusual scan pattern Richard Bejtlich (Jan 20)
- Re: Unusual scan pattern Kevin Houle (Jan 20)
- Re: Unusual scan pattern Russell Fulton (Jan 23)
- semi careful, very patient attacker Jon Paul, Nollmann (Jan 24)
- <Possible follow-ups>
- Re: Unusual scan pattern Oliver Friedrichs (Jan 19)
- Unknown Port Numbers Edwin Covert (Jan 21)
- ANOTHER DNS MAC ADDRESS Change w/h Unix Log File Michael Vaughan (Jan 19)