Security Incidents mailing list archives
Fwd: [suse-security] Port 13139 - attack?
From: JW <jw () centraltexasit com>
Date: Sat, 16 Feb 2002 14:58:39 -0600
Forwarded from the SuSE-sec list -- I hope that's ok. If not, sorry.
I am getting a whole series of probes on port 13139 all of a sudden in my firewall log. This started out of the blue about 6 days ago. There will be a string of them coming from a multitude of different IP addresses within a matter of seconds (I would imagine spoofing of the IPs from nmap or a similar tool). Of course the SuSE firewall2 is dropping all of them, but they continue. Has anyone else seen this happen recently. Is there a new attack of some sort which is directed to port 13139? I have never noticed this specific port before with so many hits and now it is starting to rival the old nimba entries in my logs. Thanks, Jim
He mentioned in another post later that it's UDP. ---------------------------------------------------- Jonathan Wilson System Administrator Cedar Creek Software http://www.cedarcreeksoftware.com ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- Fwd: [suse-security] Port 13139 - attack? JW (Feb 17)
- RE: [suse-security] Port 13139 - attack? Richard Stanway (Feb 20)