Odd scan
From: Fulton L. Preston Jr. (prestonfl2@hotmail.com)Date: 01/30/02
- Previous message: Bronek Kozicki: "Re: DDoS to microsoft sites"
- Next in thread: dlaumann@suntzu.net: "RE: Odd scan"
- Reply: dlaumann@suntzu.net: "RE: Odd scan"
- Reply: sgtphou@fire-eyes.yi.org: "Re: Odd scan"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Fulton L. Preston Jr." <prestonfl2@hotmail.com> To: incidents@securityfocus.com Date: Wed, 30 Jan 2002 00:06:48 -0500
I've seen some interesting scans posted in the past but have never seen this
one. It starts at port 1080 then moves down the usual suspects of 3128,
8080, 81, but then 8081 and 23 show at the end. This is new to me. I have
seen the 80, 8080, 8081, 3128, and 1080 combo but this one is new,
especially the telnet port. New tool looking for recent vulns?
Jan 30 04:56:19 216.133.249.14:38319 -> x.x.x.x:1080 SYN ******S*
Jan 30 04:56:19 216.133.249.14:38323 -> x.x.x.x:3128 SYN ******S*
Jan 30 04:56:19 216.133.249.14:38324 -> x.x.x.x:8080 SYN ******S*
Jan 30 04:56:19 216.133.249.14:38326 -> x.x.x.x:81 SYN ******S*
Jan 30 04:56:19 216.133.249.14:38332 -> x.x.x.x:8081 SYN ******S*
Jan 30 04:56:20 216.133.249.14:38334 -> x.x.x.x:23 SYN ******S*
_________________________________________________________________
Join the world’s largest e-mail service with MSN Hotmail.
http://www.hotmail.com
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
- Previous message: Bronek Kozicki: "Re: DDoS to microsoft sites"
- Next in thread: dlaumann@suntzu.net: "RE: Odd scan"
- Reply: dlaumann@suntzu.net: "RE: Odd scan"
- Reply: sgtphou@fire-eyes.yi.org: "Re: Odd scan"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
