Security Incidents mailing list archives

Interesting group of scans


From: William Knowles <wk () c4i org>
Date: Sat, 30 Jun 2001 08:51:22 -0500 (CDT)

Below is the cliff-notes of about 46 alerts to the personal firewall
on my laptop. This is the first time in a while I've seen someone try to
shoot trinoo to my machine. I thought I should share this information
with the rest of the list, and see if anyone else is noticing this
pattern.

Cheers!

William Knowles
wk () c4i org



Sat Jun 30 07:50:38 AM  tcp     64.244.210.34   -> 166.90.214.151   80 [World Wide Web HTTP]        -> 1458 [Nichols Research Corp.]
Sat Jun 30 07:53:34 AM  tcp     64.244.210.34   -> 166.90.214.151   80 [World Wide Web HTTP]        -> 1470 [Universal Analytics]
Sat Jun 30 07:58:36 AM  tcp     64.244.210.34   -> 166.90.214.151   80 [World Wide Web HTTP]        -> 1460 [Proshare Notebook Application]
Sat Jun 30 07:58:37 AM  tcp     64.244.210.34   -> 166.90.214.151   80 [World Wide Web HTTP]        -> 1478 [ms-sna-base]
Sat Jun 30 08:00:26 AM  tcp     64.244.210.34   -> 166.90.214.151   80 [World Wide Web HTTP]        -> 1516 [Virtual Places Audio data]
Sat Jun 30 08:00:32 AM  tcp     64.244.210.34   -> 166.90.214.151   80 [World Wide Web HTTP]        -> 1497 [rfx-lm]
Sat Jun 30 08:00:39 AM  tcp     64.244.210.34   -> 166.90.214.151   80 [World Wide Web HTTP]        -> 1510 [Midland Valley Exploration Ltd. Lic. Man.]
Sat Jun 30 08:01:02 AM  tcp     64.244.210.34   -> 166.90.214.151   80 [World Wide Web HTTP]        -> 1500 [VLSI License Manager]
Sat Jun 30 08:02:45 AM  tcp     64.244.210.34   -> 166.90.214.151   80 [World Wide Web HTTP]        -> 1524 [ingres]                Trinoo
Sat Jun 30 08:02:45 AM  tcp     64.244.210.34   -> 166.90.214.151   80 [World Wide Web HTTP]        -> 1524 [ingres]                Trinoo
Sat Jun 30 08:05:09 AM  tcp     64.244.210.34   -> 166.90.214.151   80 [World Wide Web HTTP]        -> 1524 [ingres]                Trinoo
Sat Jun 30 08:05:10 AM  tcp     64.244.210.34   -> 166.90.214.151   80 [World Wide Web HTTP]        -> 1524 [ingres]                Trinoo
Sat Jun 30 08:06:45 AM  tcp     64.244.210.34   -> 166.90.214.151   80 [World Wide Web HTTP]        -> 1516 [Virtual Places Audio data]


 
*==============================================================*
"Communications without intelligence is noise;  Intelligence
without communications is irrelevant." Gen Alfred. M. Gray, USMC
================================================================
C4I.org - Computer Security, & Intelligence - http://www.c4i.org
*==============================================================*
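
An added example, not part of the original post: a Python script that parses alerts in the layout shown in the message and groups them by source, destination and source port, so the spread of destination ports, the repeats and the firewall's labels can be compared at a glance. The summary field names are this example's own, and the year is an assumption taken from the message's Date header.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# One alert: timestamp, proto, "src -> dst", "sport [name] -> dport [name] label".
ENTRY = re.compile(
    r"(?P<ts>\w{3} \w{3} +\d+ \d\d:\d\d:\d\d [AP]M)\s+(?P<proto>\w+)\s+"
    r"(?P<src>[\d.]+)\s+->\s+(?P<dst>[\d.]+)\s+"
    r"(?P<sport>\d+)\s+\[[^\]]*\]\s+->\s+"
    r"(?P<dport>\d+)\s+\[[^\]]*\][ \t]*(?P<label>[^\n]*)"
)

# Five alerts copied from the post; \s+ above lets an alert wrap across lines.
SAMPLE = """\
Sat Jun 30 07:50:38 AM  tcp     64.244.210.34   -> 166.90.214.151
80 [World Wide Web HTTP]        -> 1458 [Nichols Research Corp.]
Sat Jun 30 07:58:36 AM  tcp     64.244.210.34   -> 166.90.214.151
80 [World Wide Web HTTP]        -> 1460 [Proshare Notebook
Application]
Sat Jun 30 08:02:45 AM  tcp     64.244.210.34   -> 166.90.214.151
80 [World Wide Web HTTP]        -> 1524 [ingres]                Trinoo
Sat Jun 30 08:05:09 AM  tcp     64.244.210.34   -> 166.90.214.151
80 [World Wide Web HTTP]        -> 1524 [ingres]                Trinoo
Sat Jun 30 08:06:45 AM  tcp     64.244.210.34   -> 166.90.214.151
80 [World Wide Web HTTP]        -> 1516 [Virtual Places Audio data]
"""

def summarize(text, year=2001):
    """Group alerts by (src, dst, source port); year is assumed from the Date header."""
    groups = defaultdict(list)
    for m in ENTRY.finditer(text):
        when = datetime.strptime(f"{year} {m['ts'][4:]}", "%Y %b %d %I:%M:%S %p")
        key = (m["src"], m["dst"], int(m["sport"]))
        groups[key].append((when, int(m["dport"]), m["label"].strip()))
    report = []
    for (src, dst, sport), rows in groups.items():
        hits = Counter(dport for _, dport, _ in rows)
        labels = defaultdict(set)
        for _, dport, label in rows:
            if label:  # text the firewall appended after the port name
                labels[label].add(dport)
        times = [when for when, _, _ in rows]
        report.append({
            "src": src, "dst": dst, "sport": sport, "alerts": len(rows),
            "dports": sorted(hits),
            "repeated": {p: n for p, n in hits.items() if n > 1},
            "labels": {k: sorted(v) for k, v in labels.items()},
            "span_seconds": int((max(times) - min(times)).total_seconds()),
        })
    return report
```
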




----------------------------------------------------------------------------


This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see:

http://aris.securityfocus.com

