Security Incidents mailing list archives
unusual traffic - port 60295
From: jdurick <jdurick () mitre org>
Date: Wed, 24 Mar 2004 22:46:50 -0500
I am seeing alot of hits to my external fw int at home to port 60295/tcp, a quick google search says mailscanner, anyone else seeing this type of traffic or can make sense of it? When I check on the hit count (unique) - ra -nr all.arg | awk '{print $6}' | cut -d\. -f1-4|sort |uniq -c |sort -rn|head - I get 1165 hits from midnight (today) till 10pm (today) from 67.162.208.7...
--snip--24 Mar 04 22:16:35 tcp 67.162.208.71.91 ?> xx.xx.xxx.xxx.60295 RST 24 Mar 04 22:16:35 tcp 67.162.208.71.482 ?> xx.xx.xxx.xxx.60295 RST 24 Mar 04 22:16:35 tcp 67.162.208.71.38037 ?> xx.xx.xxx.xxx.60295 RST 24 Mar 04 22:16:35 tcp 67.162.208.71.4480 ?> xx.xx.xxx.xxx.60295 RST 24 Mar 04 22:16:35 tcp 67.162.208.71.895 ?> xx.xx.xxx.xxx.60295 RST 24 Mar 04 22:16:35 tcp 67.162.208.71.13702 ?> xx.xx.xxx.xxx.60295 RST 24 Mar 04 22:16:35 tcp 67.162.208.71.125 ?> xx.xx.xxx.xxx.60295 RST 24 Mar 04 22:16:35 tcp 67.162.208.71.3128 ?> xx.xx.xxx.xxx.60295 RST 24 Mar 04 22:16:35 tcp 67.162.208.71.339 ?> xx.xx.xxx.xxx.60295 RST 24 Mar 04 22:16:35 tcp 67.162.208.71.985 ?> xx.xx.xxx.xxx.60295 RST 24 Mar 04 22:16:35 tcp 67.162.208.71.13718 ?> xx.xx.xxx.xxx.60295 RST 24 Mar 04 22:16:34 tcp 67.162.208.71.725 ?> xx.xx.xxx.xxx.60295 RST 24 Mar 04 22:16:34 tcp 67.162.208.71.990 ?> xx.xx.xxx.xxx.60295 RST 24 Mar 04 22:16:34 tcp 67.162.208.71.1351 ?> xx.xx.xxx.xxx.60295 RST 24 Mar 04 22:16:34 tcp 67.162.208.71.994 ?> xx.xx.xxx.xxx.60295 RST 24 Mar 04 22:16:34 tcp 67.162.208.71.485 ?> xx.xx.xxx.xxx.60295 RST 24 Mar 04 22:16:34 tcp 67.162.208.71.3052 ?> xx.xx.xxx.xxx.60295 RST 24 Mar 04 22:16:34 tcp 67.162.208.71.674 ?> xx.xx.xxx.xxx.60295 RST 24 Mar 04 22:16:36 tcp 67.162.208.71.708 ?> xx.xx.xxx.xxx.60295 RST 24 Mar 04 22:16:36 tcp 67.162.208.71.333 ?> xx.xx.xxx.xxx.60295 RST 24 Mar 04 22:16:36 tcp 67.162.208.71.943 ?> xx.xx.xxx.xxx.60295 RST 24 Mar 04 22:16:36 tcp 67.162.208.71.14 ?> xx.xx.xxx.xxx.60295 RST 24 Mar 04 22:16:36 tcp 67.162.208.71.486 ?> xx.xx.xxx.xxx.60295 RST 24 Mar 04 22:16:36 tcp 67.162.208.71.188 ?> xx.xx.xxx.xxx.60295 RST 24 Mar 04 22:16:36 tcp 67.162.208.71.27007 ?> xx.xx.xxx.xxx.60295 RST 24 Mar 04 22:16:36 tcp 67.162.208.71.830 ?> xx.xx.xxx.xxx.60295 RST 24 Mar 04 22:16:36 tcp 67.162.208.71.6111 ?> xx.xx.xxx.xxx.60295 RST 24 Mar 04 22:16:36 tcp 67.162.208.71.349 ?> xx.xx.xxx.xxx.60295 RST
--snip-- tia, jd --------------------------------------------------------------------------- Free 30-day trial: firewall with virus/spam protection, URL filtering, VPN, wireless security Protect your network against hackers, viruses, spam and other risks with Astaro Security Linux, the comprehensive security solution that combines six applications in one software solution for ease of use and lower total cost of ownership.Download your free trial at http://www.securityfocus.com/sponsor/Astaro_incidents_040301
----------------------------------------------------------------------------
Current thread:
- unusual traffic - port 60295 jdurick (Mar 25)