Security Incidents mailing list archives

Previous By Date Next
Previous By Thread Next

Strange "shotgun" scan

From: Ken Hodges <khodges () wng com>
Date: 9 May 2002 17:30:09 -0000



Has anyone seen this type of scan before? I received close 
to 10K scans during a 15 minute period. It appears that the 
person was scanning totally random ports on all of my IP 
range. Just curious if it is some known program, or if 
anyone has seen this before.

Thanks.
Ken.
May  8 18:56:26 24.165.73.85:2070 -> 206.40.XXX.XXA:394 SYN 
12****S* 
May  8 18:56:26 24.165.73.85:2071 -> 206.40.XXX.XXA:478 SYN 
12****S* 
May  8 18:56:26 24.165.73.85:2072 -> 206.40.XXX.XXA:770 SYN 
12****S* 
May  8 18:56:26 24.165.73.85:2073 -> 206.40.XXX.XXA:350 SYN 
12****S* 
May  8 18:56:26 24.165.73.85:2074 -> 206.40.XXX.XXA:126 SYN 
12****S* 
May  8 18:56:26 24.165.73.85:2075 -> 206.40.XXX.XXA:3462 
SYN 12****S* 
May  8 18:56:26 24.165.73.85:2076 -> 206.40.XXX.XXA:1003 
SYN 12****S* 
May  8 18:56:26 24.165.73.85:2077 -> 206.40.XXX.XXA:1546 
SYN 12****S* 
May  8 18:56:26 24.165.73.85:2078 -> 206.40.XXX.XXA:980 SYN 
12****S* 
May  8 18:56:26 24.165.73.85:2079 -> 206.40.XXX.XXA:680 SYN 
12****S* 
May  8 18:56:27 24.165.73.85:2100 -> 206.40.XXX.XXA:819 SYN 
12****S* 
May  8 18:56:27 24.165.73.85:2101 -> 206.40.XXX.XXA:749 SYN 
12****S* 
May  8 18:56:27 24.165.73.85:2102 -> 206.40.XXX.XXA:727 SYN 
12****S* 
May  8 18:56:27 24.165.73.85:2103 -> 206.40.XXX.XXA:412 SYN 
12****S* 
May  8 18:56:27 24.165.73.85:2104 -> 206.40.XXX.XXA:5432 
SYN 12****S* 
May  8 18:56:27 24.165.73.85:2105 -> 206.40.XXX.XXA:554 SYN 
12****S* 
May  8 18:56:27 24.165.73.85:2106 -> 206.40.XXX.XXA:1989 
SYN 12****S* 
May  8 18:56:27 24.165.73.85:2107 -> 206.40.XXX.XXA:460 SYN 
12****S* 
May  8 18:56:27 24.165.73.85:2108 -> 206.40.XXX.XXA:696 SYN 
12****S* 
May  8 18:56:27 24.165.73.85:2109 -> 206.40.XXX.XXA:1998 
SYN 12****S* 
May  8 18:56:28 24.165.73.85:2130 -> 206.40.XXX.XXA:867 SYN 
12****S* 
May  8 18:56:28 24.165.73.85:2131 -> 206.40.XXX.XXA:776 SYN 
12****S* 
May  8 18:56:28 24.165.73.85:2132 -> 206.40.XXX.XXA:799 SYN 
12****S* 
May  8 18:56:28 24.165.73.85:2133 -> 206.40.XXX.XXA:1419 
SYN 12****S* 
May  8 18:56:28 24.165.73.85:2134 -> 206.40.XXX.XXA:970 SYN 
12****S* 
May  8 18:56:28 24.165.73.85:2135 -> 206.40.XXX.XXA:20 SYN 
12****S* 
May  8 18:56:28 24.165.73.85:2136 -> 206.40.XXX.XXA:67 SYN 
12****S* 

And it goes on and on....

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com
Previous By Date Next
Previous By Thread Next

Current thread: