TCP probe on port 35540 from port 1
From: Paul Gear (paulgear@bigfoot.com)Date: 07/25/01
- Previous message: Gary Flynn: "Re: Tracking SirCam"
- Next in thread: Kester, Kelly: "RE: TCP probe on port 35540 from port 1"
- Reply: Kester, Kelly: "RE: TCP probe on port 35540 from port 1"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Message-ID: <3B5F38AA.53EF09B6@bigfoot.com> Date: Thu, 26 Jul 2001 07:22:50 +1000 From: Paul Gear <paulgear@bigfoot.com> To: SecurityFocus Incidents List <incidents@securityfocus.com> Subject: TCP probe on port 35540 from port 1
Anyone seen a probe like this lately?
Jul 23 11:45:53 ### kernel: Packet log: input DENY ppp0 PROTO=6
172.185.150.94:1 ###:35540 L=40 S=0x00
I=2815 F=0x0000 T=35 (#66)
This was the only packet of its type, and there didn't seem to be
anything else happening at the time. The source address looks up to
ACB9965E.ipt.aol.com.
As there is no SYN flag, it seems this is from some sort of
cracking/security tool, but i'm not sure what. The source port of
tcpmux is curious.
Paul
http://paulgear.webhop.net
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
- Previous message: Gary Flynn: "Re: Tracking SirCam"
- Next in thread: Kester, Kelly: "RE: TCP probe on port 35540 from port 1"
- Reply: Kester, Kelly: "RE: TCP probe on port 35540 from port 1"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
