Port 113 requests?
From: Michael Ward (Mward@roseglen.com)
Date: 12/06/01
- Previous message: Michael Garafola: "RE: Gone Worm"
- Next in thread: Chris Wilkes: "Re: Port 113 requests?"
- Reply: Chris Wilkes: "Re: Port 113 requests?"
- Reply: Ryan Russell: "Re: Port 113 requests?"
- Reply: Slighter, Tim: "RE: Port 113 requests?"
- Reply: Chris Keladis: "RE: Port 113 requests?"
- Reply: Brian Cervenka: "RE: Port 113 requests?"
Date: Thu, 6 Dec 2001 13:51:57 -0500
From: "Michael Ward" <Mward@roseglen.com>
To: <incidents@securityfocus.com>
I have been receiving the following entries at my firewall since
noon US Eastern Time (-5:00) on 12/4/01.
They have been coming every 15 minutes since then. I notified the owner
of the IPs and he hasn't responded yet.
Does anyone recognize this and could possibly fill me in on some
theories...
(Note: I have edited out source and dest. IP info) I just want to know
if anyone recognizes the pattern...
12/04/2001 11:59:30.336 - TCP connection dropped -
Source:mail.domain-i-edited.com, 40454, WAN -
Destination:my.mail.server, 113, LAN - 'Authentication' - Rule 32
12/04/2001 12:00:52.832 - TCP connection dropped -
Source:nat24.domain-i-edited.com, 3102, WAN -
Destination:my.mail.server, 113, LAN - 'Authentication' - Rule 32
12/04/2001 12:01:54.032 - TCP connection dropped -
Source:mail.domain-i-edited.com, 41027, WAN -
Destination:my.mail.server, 113, LAN - 'Authentication' - Rule 32
12/04/2001 12:12:16.256 - TCP connection dropped -
Source:mail.domain-i-edited.com, 43335, WAN -
Destination:my.mail.server, 113, LAN - 'Authentication' - Rule 32
12/04/2001 12:22:54.128 - TCP connection dropped -
Source:mail.domain-i-edited.com, 45612, WAN -
Destination:my.mail.server, 113, LAN - 'Authentication' - Rule 32
12/04/2001 12:22:54.736 - TCP connection dropped -
Source:nat24.domain-i-edited.com, 3323, WAN -
Destination:my.mail.server, 113, LAN - 'Authentication' - Rule 32
and then it seemed to break up into 15 minute increments.... we'll
continue a few hours later to save space..
12/04/2001 20:32:41.880 - TCP connection dropped -
Source:mail.domain-i-edited.com, 41648, WAN -
Destination:my.mail.server, 113, LAN - 'Authentication' - Rule 32
12/04/2001 20:47:53.128 - TCP connection dropped -
Source:mail.domain-i-edited.com, 46169, WAN -
Destination:my.mail.server, 113, LAN - 'Authentication' - Rule 32
so on and so forth... every fifteen minutes...
12/05/2001 07:24:42.752 - TCP connection dropped -
Source:mail.domain-i-edited.com, 39828, WAN -
Destination:my.mail.server, 113, LAN - 'Authentication' - Rule 32
12/05/2001 07:24:43.080 - TCP connection dropped -
Source:nat24.domain-i-edited.com, 3865, WAN -
Destination:my.mail.server, 113, LAN - 'Authentication' - Rule 32
12/05/2001 07:40:09.544 - TCP connection dropped -
Source:mail.domain-i-edited.com, 42777, WAN -
Destination:my.mail.server, 113, LAN - 'Authentication' - Rule 32
12/05/2001 07:55:31.320 - TCP connection dropped -
Source:mail.domain-i-edited.com, 45697, WAN -
Destination:my.mail.server, 113, LAN - 'Authentication' - Rule 32
12/05/2001 08:10:52.560 - TCP connection dropped -
Source:mail.domain-i-edited.com, 48479, WAN -
Destination:my.mail.server, 113, LAN - 'Authentication' - Rule 32
12/05/2001 08:10:52.848 - TCP connection dropped -
Source:nat24.domain-i-edited.com, 4570, WAN -
Destination:my.mail.server, 113, LAN - 'Authentication' - Rule 32
12/05/2001 08:25:53.160 - TCP connection dropped -
Source:mail.domain-i-edited.com, 51350, WAN -
Destination:my.mail.server, 113, LAN - 'Authentication' - Rule 32
12/05/2001 08:41:15.896 - TCP connection dropped -
Source:mail.domain-i-edited.com, 54279, WAN -
Destination:my.mail.server, 113, LAN - 'Authentication' - Rule 32
12/05/2001 08:41:16.288 - TCP connection dropped -
Source:nat24.domain-i-edited.com, 4925, WAN -
Destination:my.mail.server, 113, LAN - 'Authentication' - Rule 32
12/05/2001 08:56:21.000 - TCP connection dropped -
Source:mail.domain-i-edited.com, 57035, WAN -
Destination:my.mail.server, 113, LAN - 'Authentication' - Rule 32
12/05/2001 08:56:21.272 - TCP connection dropped -
Source:nat24.domain-i-edited.com, 1138, WAN -
Destination:my.mail.server, 113, LAN - 'Authentication' - Rule 32
12/05/2001 09:11:26.288 - TCP connection dropped -
Source:mail.domain-i-edited.com, 59912, WAN -
Destination:my.mail.server, 113, LAN - 'Authentication' - Rule 32
12/05/2001 09:11:26.576 - TCP connection dropped -
Source:nat24.domain-i-edited.com, 1351, WAN -
Destination:my.mail.server, 113, LAN - 'Authentication' - Rule 32
12/05/2001 09:26:27.944 - TCP connection dropped -
Source:mail.domain-i-edited.com, 34476, WAN -
Destination:my.mail.server, 113, LAN - 'Authentication' - Rule 32
12/05/2001 09:26:28.256 - TCP connection dropped -
Source:nat24.domain-i-edited.com, 1527, WAN -
Destination:my.mail.server, 113, LAN - 'Authentication' - Rule 32
12/05/2001 09:41:30.400 - TCP connection dropped -
Source:mail.domain-i-edited.com, 37415, WAN -
Destination:my.mail.server, 113, LAN - 'Authentication' - Rule 32
12/05/2001 09:41:30.768 - TCP connection dropped -
Source:nat24.domain-i-edited.com, 1775, WAN -
Destination:my.mail.server, 113, LAN - 'Authentication' - Rule 32
continuing as I send this....
Thanks,
Michael Ward
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
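
Added example, not part of the original message: a short Python check that measures the cadence the poster describes, using eight of the posted entries. The function names, the 900-second period and the 60-second tolerance are assumptions chosen for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Eight entries copied from the post above, each joined onto one line.
# Hostnames are the poster's own redactions.
SAMPLE = """
12/05/2001 08:41:15.896 - TCP connection dropped - Source:mail.domain-i-edited.com, 54279, WAN - Destination:my.mail.server, 113, LAN - 'Authentication' - Rule 32
12/05/2001 08:41:16.288 - TCP connection dropped - Source:nat24.domain-i-edited.com, 4925, WAN - Destination:my.mail.server, 113, LAN - 'Authentication' - Rule 32
12/05/2001 08:56:21.000 - TCP connection dropped - Source:mail.domain-i-edited.com, 57035, WAN - Destination:my.mail.server, 113, LAN - 'Authentication' - Rule 32
12/05/2001 08:56:21.272 - TCP connection dropped - Source:nat24.domain-i-edited.com, 1138, WAN - Destination:my.mail.server, 113, LAN - 'Authentication' - Rule 32
12/05/2001 09:11:26.288 - TCP connection dropped - Source:mail.domain-i-edited.com, 59912, WAN - Destination:my.mail.server, 113, LAN - 'Authentication' - Rule 32
12/05/2001 09:11:26.576 - TCP connection dropped - Source:nat24.domain-i-edited.com, 1351, WAN - Destination:my.mail.server, 113, LAN - 'Authentication' - Rule 32
12/05/2001 09:26:27.944 - TCP connection dropped - Source:mail.domain-i-edited.com, 34476, WAN - Destination:my.mail.server, 113, LAN - 'Authentication' - Rule 32
12/05/2001 09:26:28.256 - TCP connection dropped - Source:nat24.domain-i-edited.com, 1527, WAN - Destination:my.mail.server, 113, LAN - 'Authentication' - Rule 32
"""

ENTRY = re.compile(
    r"(?P<ts>\d\d/\d\d/\d{4} \d\d:\d\d:\d\d\.\d{3}) - TCP connection dropped - "
    r"Source:(?P<src>[^,]+), \d+, \w+ - Destination:[^,]+, (?P<dport>\d+),")

def parse(text):
    """Return (timestamp, source, dest_port) tuples; tolerates wrapped entries."""
    flat = " ".join(text.split())  # undo the mail archive's line wrapping
    return [(datetime.strptime(m["ts"], "%m/%d/%Y %H:%M:%S.%f"), m["src"], int(m["dport"]))
            for m in ENTRY.finditer(flat)]

def gaps_by_source(events, port=113):
    """Whole seconds between consecutive drops to `port`, per source host."""
    seen = defaultdict(list)
    for ts, src, dport in sorted(events):
        if dport == port:
            seen[src].append(ts)
    return {src: [round((b - a).total_seconds()) for a, b in zip(ts, ts[1:])]
            for src, ts in seen.items()}

def is_periodic(gaps, period=900, tolerance=60):
    """True when every gap is within `tolerance` seconds of `period` (assumed values)."""
    return len(gaps) >= 2 and all(abs(g - period) <= tolerance for g in gaps)

def followed_within(events, first, second, window=1.0):
    """Count drops from `second` arriving within `window` s after one from `first`."""
    a = [ts for ts, src, _ in events if src == first]
    b = [ts for ts, src, _ in events if src == second]
    return sum(any(0 <= (y - x).total_seconds() <= window for x in a) for y in b)

if __name__ == "__main__":
    events = parse(SAMPLE)
    for src, gaps in gaps_by_source(events).items():
        print(src, gaps, "periodic" if is_periodic(gaps) else "irregular")
    print(followed_within(events, "mail.domain-i-edited.com", "nat24.domain-i-edited.com"))
```

On these entries both hosts repeat roughly every 900 seconds, and each nat24 drop lands within a second after a drop from the mail host.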