Security Incidents mailing list archives
Can anyone guess at this "scan"??
From: "Los, Ralph" <rlos () ENVESTNET COM>
Date: Wed, 10 Jan 2001 17:20:36 -0600
Hey all, Can someone maybe give me a clue where to dig on finding out what this type of "scan" is?...whether it's anything known? 01/09/2001 04:34:36.928 - UDP packet dropped - Source:other.net.11.66, 928, WAN - Destination:My.sub.net.162, 137, LAN - - 01/09/2001 04:41:23.416 - UDP packet dropped - Source:other.net.11.66, 642, WAN - Destination:My.sub.net.162, 137, LAN - - 01/09/2001 04:50:59.592 - UDP packet dropped - Source:other.net.11.66, 949, WAN - Destination:My.sub.net.162, 137, LAN - - 01/09/2001 04:57:10.336 - UDP packet dropped - Source:other.net.11.66, 690, WAN - Destination:My.sub.net.162, 137, LAN - - 01/09/2001 05:05:04.480 - UDP packet dropped - Source:other.net.11.66, 872, WAN - Destination:My.sub.net.162, 137, LAN - - The scans come at a seemingly timed interval, and after speaking with one of the network OPS personnel over at the company, it appears to be a unconfirmed version of *nix with some sort of mail program running on it. I've seen this scan pattern before and couldn't trace it down, this time I'm hoping to be able to pinpoint the cause. Thanks in advance for the forensics support. Ralph M. Los Sr. Internet Systems & Security Admin. (312) 827-3945 (direct) EnvestNet Advisory Corp. (312) 296-9003 (wireless) rlos () envestnet com
Current thread:
- Can anyone guess at this "scan"?? Los, Ralph (Jan 10)
- Re: Can anyone guess at this "scan"?? Anders Thulin (Jan 11)
- Re: Can anyone guess at this "scan"?? Guido Bolognesi (Jan 11)
- <Possible follow-ups>
- Re: Can anyone guess at this "scan"?? Howard, Aaron (Jan 11)
- Re: Can anyone guess at this "scan"?? Los, Ralph (Jan 11)
- Re: Can anyone guess at this "scan"?? Duquette, John (Jan 11)
- Re: Can anyone guess at this "scan"?? Sarah Cleveland (Jan 11)