Security Incidents mailing list archives
Re: new scanner tool or blind luck?
From: George Bakos <alpinista () BIGFOOT COM>
Date: Thu, 14 Sep 2000 00:02:07 -0400
network.vbs go to http://www.sophos.com On 13 Sep 00, at 9:22, T. Esting wrote:
Lately, we've been tracking some unusual NetBIOS scans that have caught our attention and are interesting enough that we thought we'd share with the group. Around the last week of August, we started seeing scans exhibiting the following signature behavior: Sep 09 09:38:09 [ids-host] SRCIP other.subnet.61.30 SRCPRT 2889 DSTIP our.sub.net.1 DSTPRT 139 PROT TCP Sep 09 09:38:09 [ids-host] SRCIP other.subnet.61.30 SRCPRT 2889 DSTIP our.sub.net.1 DSTPRT 139 PROT TCP Sep 09 09:38:14 [ids-host] SRCIP other.subnet.61.30 SRCPRT 2890 DSTIP
George Bakos - Security Engineer Electronic Warfare Associates Information & Infrastructure Technologies 802-338-3213 To request PGP public key, mailto:alpinista () bigfoot com?subject=sendpubkey or http://pgpkeys.mit.edu:11371/
Current thread:
- new scanner tool or blind luck? T. Esting (Sep 13)
- Re: new scanner tool or blind luck? Thierry (Sep 13)
- Re: new scanner tool or blind luck? Ken Armstrong (Sep 14)
- Re: new scanner tool or blind luck? Thomas Molina (Sep 14)
- Re: new scanner tool or blind luck? Harlan S. Barney, Jr. (Sep 14)
- Re: new scanner tool or blind luck? Josh Brandt (Sep 14)
- Re: new scanner tool or blind luck? George Bakos (Sep 14)
- Re: new scanner tool or blind luck? Randy Mclean (Sep 14)
- Re: new scanner tool or blind luck? George Bakos (Sep 14)
- Re: new scanner tool or blind luck? Randy Mclean (Sep 14)
- Re: new scanner tool or blind luck? Randy Mclean (Sep 14)
- <Possible follow-ups>
- Re: new scanner tool or blind luck? T. Esting (Sep 14)