Security Incidents mailing list archives

Previous By Date Next
Previous By Thread Next

Port 3889 Traffic

From: Eric Ceradsky <eric.ceradsky () sbcglobal net>
Date: Fri, 7 May 2004 16:01:47 -0700 (PDT)
I've been seeing a lot of port 3889 traffic externally
lately but haven't been able to dig up any known
issues with that port.. Used to be one address and
overnight tis quickly spawned to several. Brazil, US,
UK, etc. Anyone have any ideas?

May  7 17:43:48   DROP <INPUT:DE  195.132.138.140 ->
X.X.X.X    4055:3889/tcp S  ppp0
May  7 17:43:54   DROP <INPUT:DE  195.132.138.140 ->
X.X.X.X    4055:3889/tcp S  ppp0
May  7 17:45:31   DROP <INPUT:DE  66.42.241.168   ->
X.X.X.X    2402:3889/tcp S  ppp0
May  7 17:45:34   DROP <INPUT:DE  66.42.241.168   ->
X.X.X.X    2402:3889/tcp S  ppp0
May  7 17:45:40   DROP <INPUT:DE  66.42.241.168   ->
X.X.X.X    2402:3889/tcp S  ppp0
May  7 17:45:52   DROP <INPUT:DE  66.42.241.168   ->
X.X.X.X    2402:3889/tcp S  ppp0
May  7 17:46:09   DROP <INPUT:DE  12.5.121.129    ->
X.X.X.X    3915:3889/tcp S  ppp0
May  7 17:46:10   DROP <INPUT:DE  66.42.241.168   ->
X.X.X.X    2423:3889/tcp S  ppp0
May  7 17:46:12   DROP <INPUT:DE  12.5.121.129    ->
X.X.X.X    3915:3889/tcp S  ppp0
May  7 17:46:13   DROP <INPUT:DE  66.42.241.168   ->
X.X.X.X    2423:3889/tcp S  ppp0
May  7 17:46:18   DROP <INPUT:DE  12.5.121.129    ->
X.X.X.X    3915:3889/tcp S  ppp0
May  7 17:46:19   DROP <INPUT:DE  66.42.241.168   ->
X.X.X.X    2423:3889/tcp S  ppp0
May  7 17:46:31   DROP <INPUT:DE  66.42.241.168   ->
X.X.X.X    2423:3889/tcp S  ppp0
May  7 17:47:01   DROP <INPUT:DE  195.132.138.140 ->
X.X.X.X    4363:3889/tcp S  ppp0
May  7 17:47:04   DROP <INPUT:DE  195.132.138.140 ->
X.X.X.X    4363:3889/tcp S  ppp0
May  7 17:47:10   DROP <INPUT:DE  195.132.138.140 ->
X.X.X.X    4363:3889/tcp S  ppp0

Thanks

---------------------------------------------------------------------------
----------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: