Security Incidents mailing list archives

Re: Strange scan in progress

From: Marcel de Riedmatten <mdr () DOTFORGE CH>
Date: Mon, 16 Oct 2000 21:40:16 +0200

On Mon, Oct 16, 2000 at 03:28:25PM +0100, Jerry Walsh wrote:

Anyone have any idea of what's going on here?
Looks like some decoy hosts involved too..

Oct 16 15:11:34 XXXXXX /kernel: Connection attempt to UDP
xxx.xxx.xxx.xxx:33483 from 205.232.143.227:47879
Oct 16 15:11:38 XXXXXX /kernel: Connection attempt to UDP
xxx.xxx.xxx.xxx:33484 from 205.232.143.227:47879
Oct 16 15:11:38 XXXXXX /kernel: Connection attempt to UDP
xxx.xxx.xxx.xxx:33485 from 205.232.143.227:47879
Oct 16 15:12:00 XXXXXX /kernel: Connection attempt to UDP


This look like a traceroute from a unix machine. May be you
block this packet or you block outgoing icmp port unreachable
and the traceroute program getting no response look one hop
ahead and one more hop ahead. Same for other log.


--
Marcel de Riedmatten

Current thread:

Strange scan in progress Jerry Walsh (Oct 16)
- Re: Strange scan in progress Marcel de Riedmatten (Oct 16)