Security Incidents mailing list archives
Code red probe followed by udp port 10xx
From: "Thompson, John J" <ThompsonJJ () mail medicine uiowa edu>
Date: Wed, 1 Aug 2001 12:24:23 -0500
--Im using blackice server agent on my iis5 box-- Ive noticed that the ISAPI overflow attempts are being followed by (within a minute) a udp port probe to ports 1094,1028, or 1143 (perhaps dynamicaly changing). Ive detected 4 of these for 4 scans since 11:30am CST. The udp probe is usually a ten count. Anyone else seen this? John Note: I do have Ip filtering enabled and blocking all but tcp 21,80,137-139. Same blocks apply on blackice. ------------------------------------ John Thompson Network Administrator Dept. of Biochemistry University of Iowa ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- Code red probe followed by udp port 10xx Thompson, John J (Aug 01)