Security Incidents mailing list archives

unusual traffic - port 60295

From: jdurick <jdurick () mitre org>
Date: Wed, 24 Mar 2004 22:46:50 -0500

I am seeing alot of hits to my external fw int at home to port60295/tcp, a quick google search says mailscanner, anyone else seeingthis type of traffic or can make sense of it? When I check on the hitcount (unique) - ra -nr all.arg | awk '{print $6}' | cut -d\. -f1-4|sort|uniq -c |sort -rn|head - I get 1165 hits from midnight (today) till10pm (today) from 67.162.208.7...


--snip--

24 Mar 04 22:16:35 tcp 67.162.208.71.91 ?>xx.xx.xxx.xxx.60295 RST24 Mar 04 22:16:35 tcp 67.162.208.71.482 ?>xx.xx.xxx.xxx.60295 RST24 Mar 04 22:16:35 tcp 67.162.208.71.38037 ?>xx.xx.xxx.xxx.60295 RST24 Mar 04 22:16:35 tcp 67.162.208.71.4480 ?>xx.xx.xxx.xxx.60295 RST24 Mar 04 22:16:35 tcp 67.162.208.71.895 ?>xx.xx.xxx.xxx.60295 RST24 Mar 04 22:16:35 tcp 67.162.208.71.13702 ?>xx.xx.xxx.xxx.60295 RST24 Mar 04 22:16:35 tcp 67.162.208.71.125 ?>xx.xx.xxx.xxx.60295 RST24 Mar 04 22:16:35 tcp 67.162.208.71.3128 ?>xx.xx.xxx.xxx.60295 RST24 Mar 04 22:16:35 tcp 67.162.208.71.339 ?>xx.xx.xxx.xxx.60295 RST24 Mar 04 22:16:35 tcp 67.162.208.71.985 ?>xx.xx.xxx.xxx.60295 RST24 Mar 04 22:16:35 tcp 67.162.208.71.13718 ?>xx.xx.xxx.xxx.60295 RST24 Mar 04 22:16:34 tcp 67.162.208.71.725 ?>xx.xx.xxx.xxx.60295 RST24 Mar 04 22:16:34 tcp 67.162.208.71.990 ?>xx.xx.xxx.xxx.60295 RST24 Mar 04 22:16:34 tcp 67.162.208.71.1351 ?>xx.xx.xxx.xxx.60295 RST24 Mar 04 22:16:34 tcp 67.162.208.71.994 ?>xx.xx.xxx.xxx.60295 RST24 Mar 04 22:16:34 tcp 67.162.208.71.485 ?>xx.xx.xxx.xxx.60295 RST24 Mar 04 22:16:34 tcp 67.162.208.71.3052 ?>xx.xx.xxx.xxx.60295 RST24 Mar 04 22:16:34 tcp 67.162.208.71.674 ?>xx.xx.xxx.xxx.60295 RST24 Mar 04 22:16:36 tcp 67.162.208.71.708 ?>xx.xx.xxx.xxx.60295 RST24 Mar 04 22:16:36 tcp 67.162.208.71.333 ?>xx.xx.xxx.xxx.60295 RST24 Mar 04 22:16:36 tcp 67.162.208.71.943 ?>xx.xx.xxx.xxx.60295 RST24 Mar 04 22:16:36 tcp 67.162.208.71.14 ?>xx.xx.xxx.xxx.60295 RST24 Mar 04 22:16:36 tcp 67.162.208.71.486 ?>xx.xx.xxx.xxx.60295 RST24 Mar 04 22:16:36 tcp 67.162.208.71.188 ?>xx.xx.xxx.xxx.60295 RST24 Mar 04 22:16:36 tcp 67.162.208.71.27007 ?>xx.xx.xxx.xxx.60295 RST24 Mar 04 22:16:36 tcp 67.162.208.71.830 ?>xx.xx.xxx.xxx.60295 RST24 Mar 04 22:16:36 tcp 67.162.208.71.6111 ?>xx.xx.xxx.xxx.60295 RST24 Mar 04 22:16:36 tcp 67.162.208.71.349 ?>xx.xx.xxx.xxx.60295 RST

--snip--

tia, jd


---------------------------------------------------------------------------
Free 30-day trial: firewall with virus/spam protection, URL filtering, VPN,
wireless security

Protect your network against hackers, viruses, spam and other risks with Astaro
Security Linux, the comprehensive security solution that combines six
applications in one software solution for ease of use and lower total cost of
ownership.

Download your free trial athttp://www.securityfocus.com/sponsor/Astaro_incidents_040301

----------------------------------------------------------------------------

Current thread:

unusual traffic - port 60295 jdurick (Mar 25)