Surge of attacks on ports 61127 & 61134

From: Joseph (joseph@netSecureLabs.CA)
Date: 07/25/02


Date: Thu, 25 Jul 2002 14:55:33 -0400 (EDT)
From: Joseph <joseph@netSecureLabs.CA>
To: incidents@securityfocus.com


This morning my logs showed me a surge of new UDP packet attacks, mainly
to ports 61127 & 61134. I can't find any info on this, so I'm wondering
what it can be.

It seems very well known, if I can say, because source IPs are from
everywhere, I must have gotten a good 50-80 probes.

I see a lot of different *dip.t-dialin.net origin sources, which
*dip.t-dialin.net seems to make the top 10 attack list at dshield and
incidents' website.

Curious, new virus? or attack tool?

I don't have a log of the packet, just its denial attempt. Normally, all
my attacks are standard stuff, this pops out like really new...

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com


