[prev in list] [next in list] [prev in thread] [next in thread]
List: dshield
Subject: [Dshield] New scanner? -- ports: 12345 + 1243 + 27374
From: "Jon R. Kibler" <Jon.Kibler () aset ! com>
Date: 2004-02-29 18:31:27
Message-ID: 40422FFF.7595C8AA () aset ! com
[Download RAW message or body]
Looks like there may be some new type of worm or port scanner. Just started seeing \
these combos since 1700 GMT today. Times on these logs are GMT-0500.
Thoughts anyone?
Jon Kibler
--
Jon R. Kibler
Chief Technical Officer
A.S.E.T., Inc.
Charleston, SC USA
(843) 849-8214
> Feb 29 13:06:50 border8215 list 110 denied tcp 213.122.158.a(4378) -> \
> w.x.z.50(12345), 1 packet
> Feb 29 13:08:39 border8215 list 110 denied tcp 213.122.158.a(1226) -> \
> w.x.y.64(12345), 1 packet
> Feb 29 13:08:40 border8215 list 110 denied tcp 213.122.158.a(1235) -> \
> w.x.y.67(12345), 1 packet
> Feb 29 13:08:42 border8215 list 110 denied tcp 213.122.158.a(1228) -> \
> w.x.y.64(1243), 1 packet
> Feb 29 13:08:43 border8215 list 110 denied tcp 213.122.158.a(1259) -> \
> w.x.y.75(12345), 1 packet
> Feb 29 13:08:44 border8215 list 110 denied tcp 213.122.158.a(1242) -> \
> w.x.y.69(27374), 1 packet
> Feb 29 13:08:45 border8215 list 110 denied tcp 213.122.158.a(1278) -> \
> w.x.y.81(27374), 1 packet
> Feb 29 13:08:46 border8215 list 110 denied tcp 213.122.158.a(1262) -> \
> w.x.y.76(12345), 1 packet
> Feb 29 13:08:47 border8215 list 110 denied tcp 213.122.158.a(1270) -> \
> w.x.y.78(1243), 1 packet
> Feb 29 13:08:49 border8215 list 110 denied tcp 213.122.158.a(1229) -> \
> w.x.y.65(12345), 1 packet
> Feb 29 13:08:50 border8215 list 110 denied tcp 213.122.158.a(1236) -> \
> w.x.y.67(27374), 1 packet
> Feb 29 13:08:51 border8215 list 110 denied tcp 213.122.158.a(1293) -> \
> w.x.y.86(27374), 1 packet
> Feb 29 13:08:52 border8215 list 110 denied tcp 213.122.158.a(1253) -> \
> w.x.y.73(12345), 1 packet
> Feb 29 13:08:53 border8215 list 110 denied tcp 213.122.158.a(1264) -> \
> w.x.y.76(1243), 1 packet
> Feb 29 13:08:54 border8215 list 110 denied tcp 213.122.158.a(1273) -> \
> w.x.y.79(1243), 1 packet
> Feb 29 13:08:55 border8215 list 110 denied tcp 213.122.158.a(1281) -> \
> w.x.y.82(27374), 1 packet
> Feb 29 13:08:56 border8215 list 110 denied tcp 213.122.158.a(1289) -> \
> w.x.y.85(12345), 1 packet
> Feb 29 13:08:57 border8215 list 110 denied tcp 213.122.158.a(1297) -> \
> w.x.y.87(1243), 1 packet
> Feb 29 13:08:58 border8215 list 110 denied tcp 213.122.158.a(1305) -> \
> w.x.y.90(27374), 1 packet
> Feb 29 13:08:59 border8215 list 110 denied tcp 213.122.158.a(1313) -> \
> w.x.y.93(12345), 1 packet
> Feb 29 13:09:00 border8215 list 110 denied tcp 213.122.158.a(1320) -> \
> w.x.y.95(27374), 1 packet
==================================================
Filtered by: TRUSTEM.COM's Email Filtering Service
http://www.trustem.com/
No Spam. No Viruses. Just Good Clean Email.
_______________________________________________
list mailing list
list@dshield.org
To change your subscription options (or unsubscribe), see: http://www.dshield.org/mailman/listinfo/list
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic