Security Incidents mailing list archives

Re: new scanner tool or blind luck?

From: George Bakos <alpinista () BIGFOOT COM>
Date: Thu, 14 Sep 2000 00:02:07 -0400

network.vbs
go to http://www.sophos.com

On 13 Sep 00, at 9:22, T. Esting wrote:

  Lately, we've been tracking some unusual NetBIOS scans that have
  caught
our attention and are interesting enough that we thought we'd share
with the group.  Around the last week of August, we started seeing
scans exhibiting the following signature behavior:

Sep 09 09:38:09 [ids-host]   SRCIP other.subnet.61.30 SRCPRT 2889
DSTIP our.sub.net.1 DSTPRT 139 PROT TCP Sep 09 09:38:09 [ids-host]
SRCIP other.subnet.61.30 SRCPRT 2889 DSTIP our.sub.net.1 DSTPRT 139
PROT TCP Sep 09 09:38:14 [ids-host]   SRCIP other.subnet.61.30 SRCPRT
2890 DSTIP



George Bakos - Security Engineer
Electronic Warfare Associates
Information & Infrastructure Technologies
802-338-3213

 To request PGP public key,
 mailto:alpinista () bigfoot com?subject=sendpubkey
 or http://pgpkeys.mit.edu:11371/

Current thread:

new scanner tool or blind luck? T. Esting (Sep 13)
- Re: new scanner tool or blind luck? Thierry (Sep 13)
- Re: new scanner tool or blind luck? Ken Armstrong (Sep 14)
  - Re: new scanner tool or blind luck? Thomas Molina (Sep 14)
  - Re: new scanner tool or blind luck? Harlan S. Barney, Jr. (Sep 14)
    - Re: new scanner tool or blind luck? Josh Brandt (Sep 14)
- Re: new scanner tool or blind luck? George Bakos (Sep 14)
  - Re: new scanner tool or blind luck? Randy Mclean (Sep 14)
    - Re: new scanner tool or blind luck? George Bakos (Sep 14)
    - Re: new scanner tool or blind luck? Randy Mclean (Sep 14)
- <Possible follow-ups>
- Re: new scanner tool or blind luck? T. Esting (Sep 14)