Security Incidents mailing list archives
Re: update on scans of tcp 12345 AUSCERT#36349
From: bscaring () MARMAIL ED RAY COM (Bryan Scaringe)
Date: Thu, 8 Jun 2000 16:08:41 -0400
ditto,
I forget the IP address, but I have seen a few of those in my logs
lately. I just add the offending IP's to my blocked list and carry on.
Is there any reson for me to be particularly concerned with these probes?
Bryan
Russell Fulton wrote:Oh, yes. Source addresses seem to be mostly dialup or cable/dsl address and are spread around the world. APNIC addresses (210.0.0.0/7) are over represented -- between third and a half. Those that I looked up were predominantly Korean with a few in Japan. There are quite a lot form home.com, sympatico.ca, videotron.net, da.uu.net (cable providers?), and a smattering from around the rest of the world including Europe.I have a single static IP dialup, and two days ago I received a similar scan on 12345, so it's not just you. It appears to be from a cable provider (excite@home). Jun 6 20:20:11 port 12345 connection attempt from cr458475-a.lndn1.on.wave.home .com [24.112.54.236] -- Shaw Terwilliger <sterwill () sourcegear com>
Current thread:
- ** New DDoS / Trojan **, (continued)
- ** New DDoS / Trojan ** nine (Jun 10)
- Re: ** New DDoS / Trojan ** Pierre Vandevenne (Jun 12)
- Re: unknown trojan (attached) Brandon Kittler (Jun 10)
- Re: unknown trojan (attached) Doug Kahler (Jun 12)
- .:: 14x :: Information :: New DDoS/Trojan ::. Erik Tayler (Jun 13)
- Re: .:: 14x :: Information :: New DDoS/Trojan ::. Lic. Rodolfo Gonzalez Gonzalez (Jun 15)
- IRC connect through apache ???? arhuman () HOTMAIL COM (Jun 14)
- Re: IRC connect through apache ???? Eric Vyncke (Jun 15)
- ** New DDoS / Trojan ** nine (Jun 10)