Security Incidents mailing list archives

Re: huge scans from www.oix.com

From: rde () IRELANDS-WEB IE (Robert D. Elliott)
Date: Sat, 29 Apr 2000 18:11:12 +0100


On Fri, 28 Apr 2000, jose wrote:

This morning i see in the system logs a huge of this messages

xxx.xxx.37.3:21 L=40 S=0x00 I=64651 F=0x4000 T=46
Apr 28 07:43:18 neptuno kernel: Packet log: input REJECT eth0 PROTO=6
205.189.131.3:23851


They're not that discerning; it was port 53 on my box. It was only for a
couple of minutes, though.

Apr 28 00:55:46 leviathan kernel: Packet log: input DENY eth0 PROTO=6
205.189.131.3:2947 xxx.xxx.22.1:53 L=44 S=0x00 I=37065 F=0x0000 T=47
Apr 28 00:55:49 leviathan kernel: Packet log: input DENY eth0 PROTO=6
205.189.131.3:2947 194.xxx.xxx.1:53 L=44 S=0x00 I=37123 F=0x0000 T=47

what is the port 635?

mountd. http://advice.networkice.com/advice/Exploits/Ports is my first
stop for port queries.

Robert Elliott          Systems Administrator, Planet Cyber Cafe
rde () irelands-web ie  http://robertelliott.org

Current thread:

Re: huge scans from www.oix.com Richard Bejtlich (Apr 28)
- <Possible follow-ups>
- Re: huge scans from www.oix.com Robert D. Elliott (Apr 29)