Security Incidents mailing list archives
Firewall hits/unknown ports
From: <bonk () webchat chatsystems com>
Date: Sun, 4 Nov 2001 09:06:04 -0600 (CST)
Anyone know what trojans/backdoors run on 22634, 24544 and 29319 ? Snort.org doesn't list these. 80 24.23.170.219 http Nov 4 03:56:14 80 24.23.19.114 http Nov 4 03:13:24 80 24.23.170.219 http Nov 4 02:57:32 80 24.23.170.219 http Nov 4 02:57:29 80 24.23.170.219 http Nov 4 02:44:27 80 24.23.170.219 http Nov 4 02:08:54 80 24.23.170.219 http Nov 4 02:08:51 80 24.100.151.92 http Nov 4 02:01:11 80 24.100.151.92 http Nov 4 02:01:08 80 24.214.18.131 http Nov 4 00:57:24 80 67.164.189.42 http Nov 4 00:16:15 25 67.164.189.42 smtp Nov 4 00:16:14 110 67.164.189.42 pop3 Nov 4 00:16:14 21 67.164.189.42 ftp Nov 4 00:16:13 7 67.164.189.42 echo Nov 4 00:16:13 53 67.164.189.42 domain Nov 4 00:16:09 22634 24.254.60.19 unknown Nov 3 23:49:26 22634 24.254.60.19 unknown Nov 3 23:48:26 22634 24.254.60.19 unknown Nov 3 23:47:26 22634 24.254.60.19 unknown Nov 3 23:46:26 22634 24.254.60.19 unknown Nov 3 23:45:26 22634 24.254.60.19 unknown Nov 3 23:44:26 22634 24.254.60.19 unknown Nov 3 23:43:26 22634 24.254.60.19 unknown Nov 3 23:42:26 22634 24.254.60.19 unknown Nov 3 23:41:53 22634 24.254.60.19 unknown Nov 3 23:41:36 22634 24.254.60.19 unknown Nov 3 23:41:28 80 24.23.170.219 http Nov 3 23:39:37 80 24.51.8.166 http Nov 3 22:57:26 80 24.51.8.166 http Nov 3 22:57:23 80 24.23.170.219 http Nov 3 22:47:18 80 24.23.170.219 http Nov 3 22:47:15 21 80.11.127.241 ftp Nov 3 22:39:47 21 80.11.127.241 ftp Nov 3 22:39:41 80 24.23.19.114 http Nov 3 22:29:26 80 24.23.19.114 http Nov 3 22:29:23 80 24.23.170.219 http Nov 3 22:13:45 80 24.23.170.219 http Nov 3 22:01:43 80 24.23.170.219 http Nov 3 22:01:40 80 24.23.19.114 http Nov 3 21:30:41 80 24.23.19.114 http Nov 3 21:30:38 27374 24.19.71.108 Sub7 Nov 3 21:18:13 27374 24.19.71.108 Sub7 Nov 3 21:18:01 27374 24.19.71.108 Sub7 Nov 3 21:17:55 27374 24.19.71.108 Sub7 Nov 3 21:17:52 80 24.23.19.114 http Nov 3 20:44:14 80 24.23.19.114 http Nov 3 20:44:11 80 24.23.19.114 http Nov 3 20:34:55 80 24.23.19.114 http Nov 3 20:34:52 80 24.23.19.114 http Nov 3 20:18:01 80 24.23.19.114 http Nov 3 20:17:58 80 24.23.170.219 http Nov 3 20:17:05 80 24.23.170.219 http Nov 3 20:10:24 80 24.23.170.219 http Nov 3 20:10:22 34554 24.254.60.39 unknown Nov 3 20:01:40 80 24.23.170.219 http Nov 3 20:01:04 80 24.23.170.219 http Nov 3 20:01:02 34554 24.254.60.39 unknown Nov 3 20:00:40 34554 24.254.60.39 unknown Nov 3 19:59:40 34554 24.254.60.39 unknown Nov 3 19:58:40 34554 24.254.60.39 unknown Nov 3 19:57:40 34554 24.254.60.39 unknown Nov 3 19:56:40 34554 24.254.60.39 unknown Nov 3 19:55:40 34554 24.254.60.39 unknown Nov 3 19:55:02 34554 24.254.60.39 unknown Nov 3 19:54:43 34554 24.254.60.39 unknown Nov 3 19:54:33 53 202.138.113.150 domain Nov 3 19:54:12 53 202.138.113.150 domain Nov 3 19:54:06 53 202.138.113.150 domain Nov 3 19:54:03 27374 24.156.37.3 Sub7 Nov 3 19:42:12 27374 24.156.37.3 Sub7 Nov 3 19:42:06 27374 24.156.37.3 Sub7 Nov 3 19:42:02 80 24.23.19.114 http Nov 3 19:23:08 80 24.23.19.114 http Nov 3 19:23:05 111 211.112.143.2 sunrpc Nov 3 19:22:33 80 24.23.19.114 http Nov 3 19:21:11 80 24.23.19.114 http Nov 3 19:21:07 80 24.23.19.114 http Nov 3 19:11:52 80 24.23.19.114 http Nov 3 19:11:49 80 24.16.82.182 http Nov 3 16:25:40 80 24.16.82.182 http Nov 3 16:25:37 80 24.12.210.113 http Nov 3 15:50:57 80 24.12.210.113 http Nov 3 15:50:54 29319 24.254.60.33 unknown Nov 3 10:13:09 29319 24.254.60.33 unknown Nov 3 10:12:09 29319 24.254.60.33 unknown Nov 3 10:11:09 29319 24.254.60.33 unknown Nov 3 10:10:09 29319 24.254.60.33 unknown Nov 3 10:09:09 29319 24.254.60.33 unknown Nov 3 10:08:09 29319 24.254.60.33 unknown Nov 3 10:07:09 29319 24.254.60.33 unknown Nov 3 10:06:33 29319 24.254.60.33 unknown Nov 3 10:06:15 29319 24.254.60.33 unknown Nov 3 10:06:06 80 213.96.11.21 http Nov 3 09:52:33 515 157.238.46.30 printer Nov 3 08:15:20 515 157.238.46.30 printer Nov 3 08:15:17 111 211.100.18.45 sunrpc Nov 3 07:54:16 111 211.100.18.45 sunrpc Nov 3 07:54:13 80 24.234.87.155 http Nov 3 06:15:40 80 24.234.87.155 http Nov 3 06:15:37 Bonk Bonk () cyberabuse org ================================================ ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- Firewall hits/unknown ports bonk (Nov 04)
- Re: Firewall hits/unknown ports Stephen (Nov 04)
- RE: Firewall hits/unknown ports Loki (Nov 04)
- Re: Firewall hits/unknown ports Glenn Forbes Fleming Larratt (Nov 04)
- Re: Firewall hits/unknown ports Valdis . Kletnieks (Nov 04)
- Re: Firewall hits/unknown ports Nick FitzGerald (Nov 08)
- <Possible follow-ups>
- RE: Firewall hits/unknown ports Barber, Chris (Nov 05)
- Re: Firewall hits/unknown ports freehold (Nov 05)
- Re: Firewall hits/unknown ports Stephen (Nov 04)