Security Incidents mailing list archives
Re: scan log
From: jason () WITTYS COM (Jason Witty)
Date: Mon, 12 Jun 2000 18:29:28 -0500
Max,
This looks an aweful lot like an valid FTP data connection to me (based on
the source port {20}).
Jason
At 10:30 PM 6/11/00 -0500, Max Gribov wrote:
this are logs of a port scan i have recently recieved on one of my machines. i searched for those ports in all known port databases to me, but couldnt find anything. why would someone scan that specific range (observe the precise inrementation) of ports on a linux machine? Jun 11 22:20:21 mordor scanlogd: From 209.3.31.70:20 to 151.202.106.23 ports 2632, 2633, 2634, 2635, 2636, 2637, 2638, 2639, 2640, ..., flags ??r??u, TOS 00, TTL 60, started at 22:20:13 -- Max Gribov System Administrator Knowledge Propulsion Laboratories www.kplab.com
Current thread:
- AW: What is this guy doing?, (continued)
- AW: What is this guy doing? Peter Roth (Jun 08)
- Port 6347 Dante Mercurio (Jun 08)
- Re: Port 6347 Brian Macke (Jun 08)
- Re: Port 6347 Henry F. Marquardt (Jun 09)
- Re: What is this guy doing? Greg A. Woods (Jun 08)
- Port-scans from visited web-sites? Peter Bates (Jun 07)
- Re: Port-scans from visited web-sites? Joe McAlerney (Jun 08)
- Re: Port-scans from visited web-sites? Greg A. Woods (Jun 08)
- Re: Port-scans from visited web-sites? Erich Meier (Jun 10)
- scan log Max Gribov (Jun 11)
- Re: scan log Jason Witty (Jun 12)
- FW-1 log analysis tool Chew Poh Chang (CAPL) (Jun 08)
- Re: FW-1 log analysis tool Lance Spitzner (Jun 10)
- Re: FW-1 log analysis tool Kenneth Ish (Jun 11)
- port 12345 scanning Luke Dudney (Jun 11)
- Protocol 54 M J (Jun 07)
- Re: very strange scan patterns Ejovi Nuwere (Jun 07)
- hacked @home with logs and info.. nmorgowicz () RALCOIND COM (Jun 07)
- Re: hacked @home with logs and info.. Shadow Boxer (Jun 08)
- UDP Port 2078 Dundo (Jun 08)
- New KAK worm distribution out Roy Wilson (Jun 08)