Security Incidents mailing list archives
Re: Distributed scan (src port 23) of our whole class C network
From: Glenn Forbes Fleming Larratt <glratt () IO COM>
Date: Tue, 23 Jan 2001 21:29:38 -0600
We are observing this as well in our class B (which I'm not to
communicate), from all four addresses listed below and no others
so far.
Have the owners of these addresses been notified?
-g
On Tue, 23 Jan 2001, Ralf G. R. Bergs wrote:
Hi there, there's currently a distributed scan going on across our whole class C network (contained in the class B network 131.188.0.0/16.) The scanning machines send TCP packets with a source port of 23. The source IP addresses I've seen so far are 134.53.215.184 (ip134-053-215-184.s215.muohio.edu) 216.22.151.67 (fortress.omnicon.net) 209.220.244.18 (w018.z209220244.chi-il.dsl.cnc.net) 209.240.174.2 (apollo.netwest.com) Anyone else seen similar things going on? Ralf -- Sign the EU petition against SPAM: L I N U X .~. http://www.politik-digital.de/spam/ The Choice /V\ of a GNU /( )\ Generation ^^-^^
-- Glenn Forbes Fleming Larratt The Lab Ratt (not briggs :-) glratt () io com http://www.io.com/~glratt There are imaginary bugs to chase in heaven.
Current thread:
- Distributed scan (src port 23) of our whole class C network Ralf G. R. Bergs (Jan 23)
- Re: Distributed scan (src port 23) of our whole class C network Glenn Forbes Fleming Larratt (Jan 23)
- Re: Distributed scan (src port 23) of our whole class C network Abel Wisman (Jan 24)
- Re: Distributed scan (src port 23) of our whole class C network Tom Fischer (Jan 24)
- Re: Distributed scan (src port 23) of our whole class C network Ralf G. R. Bergs (Jan 24)
- Re: Distributed scan (src port 23) of our whole class C network Liudvikas Bukys (Jan 24)
- Re: Distributed scan (src port 23) of our whole class C network Glenn Forbes Fleming Larratt (Jan 23)