Security Incidents mailing list archives
Re: Port 10008
From: Mike Scott <mikes () aspsaic com>
Date: Tue, 15 May 2001 09:19:47 -0700
I saw the same thing over the weekend to what looks like the entire Class B. Here's a snip from a snort portscan log, I don't have the rest in front of me: May 13 09:18:56 202.43.105.18:4760 -> xxx.140.18.139:10008 SYN ******S* May 13 09:18:56 202.43.105.18:4761 -> xxx.140.18.140:10008 SYN ******S* May 13 09:18:57 202.43.105.18:4762 -> xxx.140.18.141:10008 SYN ******S* May 13 09:18:57 202.43.105.18:4763 -> xxx.140.18.142:10008 SYN ******S* -- Mike On Tuesday 15 May 2001 02:10, you wrote:
Hello everyone, my FW-Logs went insane last night with gazillions of connection attempts to port 10008. FW-1 does unfortunately not log dropped packets, so I've no idea about flags et al, but the scan looks like this: SourcePort = Increases with each scan DestPort = 10008 This looks like an automated tool to me, as the whole scan took about a second or two. Any ideas? Thanks, Joerg
Current thread:
- Port 10008 Joerg Weber (May 15)
- Re: Port 10008 jlewis (May 15)
- Re: Port 10008 jlewis (May 22)
- Re: Port 10008 Tracey Losco (May 15)
- Re: Port 10008 Tim Brown (May 15)
- Re: Port 10008 Mike Scott (May 15)
- Re: Port 10008 Crist Clark (May 15)
- Re: Port 10008 Rob Lindenbusch (May 15)
- Re: Port 10008 Bryan Andersen (May 15)
- Cheese Worm - Port 10008 HyunWoo Lee (May 16)
- Re: Port 10008 jlewis (May 15)