[prev in list] [next in list] [prev in thread] [next in thread]
List: intrusions
Subject: Distributed scan to ports 12345 and 27374
From: Serge Droz <serge.droz () psi ! ch>
Date: 2002-06-03 15:11:38
[Download RAW message or body]
Since the beginning of the month we see SYN scans for port
12345 and 27374 arriving at our class B net.
Typically each scanner scans three subsequent class C subnets
(i.e. a.b.100.*, a.b.101.* ,a.b.102.*).
Some seem to scan six.
Typically, a scan sends around 900-1000 packets.
All the systems seem to windows systems (meaning port 129 is open).
The scans last for couple of minutes and started last week.
No new scans occurred since 2:30 pm CEST.
Taking all these scans together our entire address range is
covered.
I've started a tcpdump session, hoping to catch the data
Any ideas?
Anyone else seeing this?
Cheers
Serge
--
Serge Droz
Paul Scherrer Institut mailto:serge.droz@psi.ch
CH-5232 Villigen PSI Phone: ++41 56 310 3637
Fax: ++41 56 310 3649
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic