Security Incidents mailing list archives

Re: Wingate 1080/8080 Scans


From: Guillaume Filion <gfk () LOGIDAC COM>
Date: Wed, 31 Jan 2001 20:23:52 -0500

Hi Brian,

Let's do some stats on my firewall's logs located on a 24.x.x.x
(cable modem - high target for those scans):

[root@cesam /]# fgrep -c ':1080 ' /var/log/messages*
/var/log/messages:10
/var/log/messages.1:69
/var/log/messages.2:25
/var/log/messages.3:19
/var/log/messages.4:17
[root@cesam /]# ls -l /var/log/messages*
-rw-------   1 root     root       177585 Jan 31 19:56 /var/log/messages
-rw-------   1 root     root       438638 Jan 28 03:47 /var/log/messages.1
-rw-------   1 root     root       232626 Jan 21 03:43 /var/log/messages.2
-rw-------   1 root     root       162632 Jan 14 03:02 /var/log/messages.3
-rw-------   1 root     root       184867 Jan  7 03:24 /var/log/messages.4

So I've received, during this month:
10 packets between the 28 & 31 :    3.3/day ave.
69 packets between the 21 & 28 :    9.9/day ave.
25 packets between the 14 & 7:      3.6/day ave.
17 packets between the 1st & 7:     2.4/day ave.

So far this week has been quite normal, especially compared to last
week. But maybe a couple of script kiddies decided to scan your
particular subnet, while they were scanning mine last week...

Hope this helps,
GFK's

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Did anyone other than myself notice a metric ton of WinGate scans the
past two days for both 1080 and 8080?!?
I would estimate that 80-90% of our customers experienced extremely
high numbers of these scans yesterday and today.

Anyone else notice this or am I just not lucky today?!?!



Best Regards,


Brian D. Taylor
Level 2 Security Analyst
SecureWorks/IMSC
www.secureworks.net


--
Guillaume Filion
Logidac Tech., Beaumont, Québec, Canada - http://logidac.com/
PGP Fingerprint: 14A6 720A F7BA 6C87 2331 33FD 467E 9198 3DED D5CA
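
The per-file tally in the message above, as an added example that is not part of the original post: it buckets hits by syslog date and by destination port (1080 or 8080) and counts distinct sources, where the substring `':1080 '` also matches packets whose source port is 1080. The ipchains-style "Packet log" line layout, the function names and the sample lines are assumptions; the post does not show its log format.

```shell
#!/bin/sh
# Constructed sample in ipchains "Packet log" layout (assumed format).
# All addresses are documentation ranges, not taken from the post.
sample_log() {
cat <<'EOF'
Jan 29 02:11:40 fw kernel: Packet log: input DENY eth0 PROTO=6 198.51.100.7:4312 192.0.2.10:1080 L=48 S=0x00 I=5120 F=0x4000 T=112 SYN (#9)
Jan 29 02:11:41 fw kernel: Packet log: input DENY eth0 PROTO=6 198.51.100.7:4313 192.0.2.10:8080 L=48 S=0x00 I=5121 F=0x4000 T=112 SYN (#9)
Jan 29 14:03:02 fw kernel: Packet log: input DENY eth0 PROTO=6 203.0.113.5:2201 192.0.2.10:1080 L=44 S=0x00 I=901 F=0x0000 T=48 SYN (#9)
Jan 30 09:45:17 fw kernel: Packet log: input DENY eth0 PROTO=6 198.51.100.7:4400 192.0.2.10:1080 L=48 S=0x00 I=5300 F=0x4000 T=112 SYN (#9)
Jan 30 09:45:20 fw kernel: Packet log: input DENY eth0 PROTO=6 198.51.100.7:4401 192.0.2.10:1080 L=48 S=0x00 I=5301 F=0x4000 T=112 SYN (#9)
Jan 30 11:00:00 fw kernel: Packet log: input DENY eth0 PROTO=6 203.0.113.80:1080 192.0.2.10:25 L=44 S=0x00 I=77 F=0x0000 T=50 SYN (#9)
Jan 31 08:30:12 fw kernel: Packet log: input DENY eth0 PROTO=17 203.0.113.9:137 192.0.2.10:137 L=78 S=0x00 I=42 F=0x0000 T=110 (#9)
EOF
}

# Substring count in the style of the post (grep -F is the modern fgrep).
naive_count() {
    grep -cF ':1080 '
}

# Read syslog lines on stdin; print "Mon DD port packets distinct_sources"
# for packets whose DESTINATION port is 1080 or 8080.
scan_rate() {
    awk '
    /Packet log:/ {
        # Find PROTO=; the next two fields are src:port and dst:port.
        for (i = 1; i <= NF; i++) if ($i ~ /^PROTO=/) break
        if (i + 2 > NF) next
        split($(i + 1), s, ":")
        n = split($(i + 2), d, ":")
        port = d[n]
        if (port != "1080" && port != "8080") next
        key = $1 " " $2 " " port
        hits[key]++
        # Count each source address once per day and port.
        if (!((key, s[1]) in seen)) { seen[key, s[1]] = 1; srcs[key]++ }
    }
    END { for (k in hits) print k, hits[k], srcs[k] }
    ' | sort -k2,2n -k3,3n
}

sample_log | scan_rate
```

For real use, feed it the rotated files in place of the sample, for example `cat /var/log/messages* | scan_rate`.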
