Security Incidents mailing list archives
Re: Unusual scan pattern
From: r.fulton () AUCKLAND AC NZ (Russell Fulton)
Date: Mon, 24 Jan 2000 12:44:52 +1300
On Thu, 20 Jan 2000 20:35:44 +0000 Kevin Houle <kjh () cert org> wrote:
Russell Fulton wrote:HI folks, I have not seen this type of scan before so I am forwarding the argus logs for others to examine....What interests me is the initial tcp data packets which look as if they have been crafted to go through firewalls (at least simple packet filter types) and the artifical source port numbers.You might take a look at the following document: http://www.cert.org/incident_notes/IN-99-01.html The footprint made in your argus logs is quite like the footprint made by 'sscan'.
Right you are! That's exactly what I saw. I had forgotten about sscan, although I had seen the Cert note a while back. Cheers and thanks, Russell.
Current thread:
- Unusual scan pattern Russell Fulton (Jan 18)
- ANOTHER DNS MAC ADDRESS Change w/h Unix Log File Michael Vaughan (Jan 19)
- Re: ANOTHER DNS MAC ADDRESS Change w/h Unix Log File Cy Schubert - ITSD Open Systems Group (Jan 21)
- Re: ANOTHER DNS MAC ADDRESS Change w/h Unix Log File Ex Machina [xm] (Jan 21)
- Re: ANOTHER DNS MAC ADDRESS Change w/h Unix Log File CyberPsychotic (Jan 21)
- Re: ANOTHER DNS MAC ADDRESS Change w/h Unix Log File Dug Song (Jan 22)
- Re: Unusual scan pattern Granquist, Lamont (Jan 19)
- Slow scan Mixmaster (Jan 19)
- Re: Unusual scan pattern Richard Bejtlich (Jan 20)
- Re: Unusual scan pattern Kevin Houle (Jan 20)
- Re: Unusual scan pattern Russell Fulton (Jan 23)
- semi careful, very patient attacker Jon Paul, Nollmann (Jan 24)
- <Possible follow-ups>
- Re: Unusual scan pattern Oliver Friedrichs (Jan 19)
- Unknown Port Numbers Edwin Covert (Jan 21)
- ANOTHER DNS MAC ADDRESS Change w/h Unix Log File Michael Vaughan (Jan 19)