Security Incidents mailing list archives

Re: UDP Port Sweep question

From: Tim <tim-forensics () sentinelchicken org>
Date: Wed, 29 Dec 2004 14:24:37 -0500

Here is some more info regarding the port sweeps.  The port the client
is being hit on seems to vary.  The client is being hit on the same 8
port range from each IP port 33434-33460.  All 3 sensors from the 3
different clients show the same destination port range.  The sensors are
cisco IDS sensors and I am unsure as to how to get the actual packet
from the event.


Looks like it might just bee traceroutes to me:
  http://linux-ip.net/html/tools-traceroute.html

Do these companies have anyone monitoring their connectivity from the
outside?

tim

Current thread:

UDP Port Sweep question Billy Dodson (Dec 28)
- Re: UDP Port Sweep question Tim (Dec 29)
- Re: UDP Port Sweep question Kyle Maxwell (Dec 29)
- Re: UDP Port Sweep question Ron (Dec 29)
- <Possible follow-ups>
- Re: UDP Port Sweep question Don Parker (Dec 29)
- RE: UDP Port Sweep question Billy Dodson (Dec 29)
  - RE: UDP Port Sweep question David Gillett (Dec 29)
  - Re: UDP Port Sweep question Tim (Dec 29)
  - RE: UDP Port Sweep question Jack McCarthy (Dec 29)
  - RE: UDP Port Sweep question Benjamin Franz (Dec 29)
- RE: UDP Port Sweep question Colby DeRodeff (Dec 29)
  - Re: UDP Port Sweep question Francesca Smith (Dec 30)