Security Incidents mailing list archives

Strange scan in progress

From: Jerry Walsh <jerry () NITROWEB NET>
Date: Mon, 16 Oct 2000 15:28:25 +0100

Anyone have any idea of what's going on here?
Looks like some decoy hosts involved too..

Oct 16 15:11:34 XXXXXX /kernel: Connection attempt to UDP
xxx.xxx.xxx.xxx:33483 from 205.232.143.227:47879
Oct 16 15:11:38 XXXXXX /kernel: Connection attempt to UDP
xxx.xxx.xxx.xxx:33484 from 205.232.143.227:47879
Oct 16 15:11:38 XXXXXX /kernel: Connection attempt to UDP
xxx.xxx.xxx.xxx:33485 from 205.232.143.227:47879
Oct 16 15:12:00 XXXXXX /kernel: Connection attempt to UDP
xxx.xxx.xxx.xxx:33480 from 208.49.8.134:37154
Oct 16 15:12:00 XXXXXX /kernel: Connection attempt to UDP
xxx.xxx.xxx.xxx:33481 from 208.49.8.134:37154
Oct 16 15:12:00 XXXXXX /kernel: Connection attempt to UDP
xxx.xxx.xxx.xxx:33482 from 208.49.8.134:37154
Oct 16 15:12:53 XXXXXX /kernel: Connection attempt to UDP
xxx.xxx.xxx.xxx:33480 from 209.97.65.33:40888
Oct 16 15:12:53 XXXXXX /kernel: Connection attempt to UDP
xxx.xxx.xxx.xxx:33481 from 209.97.65.33:40888
Oct 16 15:12:53 XXXXXX /kernel: Connection attempt to UDP
xxx.xxx.xxx.xxx:33482 from 209.97.65.33:40888
Oct 16 15:14:11 XXXXXX /kernel: Connection attempt to UDP
xxx.xxx.xxx.xxx:33486 from 159.87.67.4:44739
Oct 16 15:14:11 XXXXXX /kernel: Connection attempt to UDP
xxx.xxx.xxx.xxx:33487 from 159.87.67.4:44739
Oct 16 15:14:11 XXXXXX /kernel: Connection attempt to UDP
xxx.xxx.xxx.xxx:33488 from 159.87.67.4:44739


Jerry.

Current thread:

Strange scan in progress Jerry Walsh (Oct 16)
- Re: Strange scan in progress Marcel de Riedmatten (Oct 16)