Interesting scan to ports 1999-2000
From: wirepair (wirepair@roguemail.net)Date: 05/23/02
- Previous message: wirepair: "1999-2000 oops"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "wirepair" <wirepair@roguemail.net> To: incidents@securityfocus.com Date: Thu, 23 May 2002 03:46:33 -0700
Anyone else see this scan come across? It came from a .kr
(big surprise i know). Did a quick search and apparently
someones seen it before, this something we should be
concerned about? (1999 == cisco i don't think thats what
they're looking for) (2000 == answerbook that looks a bit
better...) Here we go again!
-wire
[**] [1:620:1] SCAN Proxy attempt [**]
[Classification: Attempted Information Leak] [Priority: 2]
05/22-21:02:32.635898 xx.xx.xx.xx:1999 -> my.ip.ip.ip:8080
TCP TTL:108 TOS:0x0 ID:62984 IpLen:20 DgmLen:48 DF
******S* Seq: 0x55563D20 Ack: 0x0 Win: 0x4000 TcpLen:
28
TCP Options (4) => MSS: 1460 NOP NOP SackOK
[**] [1:618:1] INFO - Possible Squid Scan [**]
[Classification: Attempted Information Leak] [Priority: 2]
05/22-21:02:32.636840 xx.xx.xx.xx:2000 -> my.ip.ip.ip:3128
TCP TTL:108 TOS:0x0 ID:62985 IpLen:20 DgmLen:48 DF
******S* Seq: 0x5556CEA2 Ack: 0x0 Win: 0x4000 TcpLen:
28
TCP Options (4) => MSS: 1460 NOP NOP SackOK
_____________________________
For the best comics, toys, movies, and more,
please visit <http://www.tfaw.com/?qt=wmf>
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
- Previous message: wirepair: "1999-2000 oops"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
