Snort mailing list archives

RE: port 22 scan

From: "Wirth, Jeff" <WirthJe () DNB com>
Date: Tue, 4 Jun 2002 12:57:31 -0400

From: Gongya Yu [mailto:yu () dhcp-243-81 gongya net]

Hi, all:
      I keep getting port 22 scanning across the whole subnets. The
source port is also 22.  The source ips are 203.198.176.51 (HK),
211.239.122.12 (KR) and 202.185.203.66 (MY).


Welcome to the club! Not a day goes by that we don't see something
originating from HK/KR.  And reflexive scans (same src and dst port) for ssh
is extremely popular.

      Any tools outside can be used to specify the source port when
doing scanning ?


hping, among others...

      Anyone has got the same scanning ?


just this morning. ;-) same stimulus, different HK/KR IP.


- Jeff

_______________________________________________________________

Don't miss the 2002 Sprint PCS Application Developer's Conference
August 25-28 in Las Vegas -- http://devcon.sprintpcs.com/adp/index.cfm

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

port 22 scan Gongya Yu (Jun 04)
- <Possible follow-ups>
- RE: port 22 scan Wirth, Jeff (Jun 04)
- Re: port 22 scan Muhammad Faisal Rauf Danka (Jun 04)