A new hack tool - tcp port 3139 ?
From: METE.EMINAGAOGLU@DIGITALPLATFORM.comDate: 03/15/02
- Previous message: Nathan W. Labadie: "Re: increase in smb scans"
- Next in thread: METE.EMINAGAOGLU@DIGITALPLATFORM.com: "RE: A new hack tool - tcp port 3139 ?"
- Reply: METE.EMINAGAOGLU@DIGITALPLATFORM.com: "RE: A new hack tool - tcp port 3139 ?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 15 Mar 2002 21:24:32 +0200 From: <METE.EMINAGAOGLU@DIGITALPLATFORM.com> To: <incidents@securityfocus.com>
Hi to all,
Beginning from 6th of March until today, I' ve been continously observing a very strange and presumably dangerous probe (possibly caused by a new trojan or trojan-like tool) in my Firewall logs.
The source IP is different real-world IP' s, the destination IP is always my FW' s outer interface IP, and the service port is tcp 3139.
However, it' s s.thing like a "masked" action. Because, when I analyse the logs in detail, Xlate Dest IP' s are any of our DMZ IP' s (random), and the Xlate Destin Port is,
tcp 80 - http !!!
Has anyone faced this similar oddity? I' ve searched all the sec. sites, news, but nope!!!
Thanks in advance...
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
- Previous message: Nathan W. Labadie: "Re: increase in smb scans"
- Next in thread: METE.EMINAGAOGLU@DIGITALPLATFORM.com: "RE: A new hack tool - tcp port 3139 ?"
- Reply: METE.EMINAGAOGLU@DIGITALPLATFORM.com: "RE: A new hack tool - tcp port 3139 ?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
