looking for what? portscan 15000/tcp

From: Fabio Pietrosanti (naif) (naif@blackhats.it)
Date: 08/23/02


Date: Fri, 23 Aug 2002 14:08:04 +0200
From: "Fabio Pietrosanti (naif)" <naif@blackhats.it>
To: incidents@securityfocus.com


Today I found it on a very important network...

Aug 23 07:34:02 router 548124: Aug 23 07:37:06 MEST: %SEC-6-IPACCESSLOGP: list 103 denied tcp 210.117.126.206(15000) -> xx.xx.1.1(15000), 1 packet
Aug 23 07:34:03 router 548125: Aug 23 07:37:07 MEST: %SEC-6-IPACCESSLOGP: list 103 denied tcp 210.117.126.206(15000) -> xx.xx.1.102(15000), 1 packet
Aug 23 07:34:04 router 548126: Aug 23 07:37:08 MEST: %SEC-6-IPACCESSLOGP: list 103 denied tcp 210.117.126.206(15000) -> xx.xx.1.204(15000), 1 packet
Aug 23 07:34:05 router 548127: Aug 23 07:37:09 MEST: %SEC-6-IPACCESSLOGP: list 105 denied tcp 210.117.126.206(15000) -> xx.xx.2.49(15000), 1 packet
Aug 23 07:34:06 router 548128: Aug 23 07:37:10 MEST: %SEC-6-IPACCESSLOGP: list 105 denied tcp 210.117.126.206(15000) -> xx.xx.2.151(15000), 1 packet
Aug 23 07:34:07 router 548129: Aug 23 07:37:11 MEST: %SEC-6-IPACCESSLOGP: list 105 denied tcp 210.117.126.206(15000) -> xx.xx.2.248(15000), 1 packet
Aug 23 07:34:10 router 548130: Aug 23 07:37:14 MEST: %SEC-6-IPACCESSLOGP: list 101 denied tcp 210.117.126.206(15000) -> xx.xx.4.1(15000), 1 packet
Aug 23 07:34:11 router 548131: Aug 23 07:37:15 MEST: %SEC-6-IPACCESSLOGP: list 101 denied tcp 210.117.126.206(15000) -> xx.xx.4.103(15000), 1 packet
Aug 23 07:34:12 router 548132: Aug 23 07:37:16 MEST: %SEC-6-IPACCESSLOGP: list 101 denied tcp 210.117.126.206(15000) -> xx.xx.4.202(15000), 1 packet
Aug 23 07:34:15 router 548133: Aug 23 07:37:19 MEST: %SEC-6-IPACCESSLOGP: list 101 denied tcp 210.117.126.206(15000) -> xx.xx.6.1(15000), 1 packet
Aug 23 07:34:16 router 548134: Aug 23 07:37:20 MEST: %SEC-6-IPACCESSLOGP: list 101 denied tcp 210.117.126.206(15000) -> xx.xx.6.100(15000), 1 packet
Aug 23 07:34:17 router 548135: Aug 23 07:37:21 MEST: %SEC-6-IPACCESSLOGP: list 101 denied tcp 210.117.126.206(15000) -> xx.xx.6.201(15000), 1 packet
Aug 23 07:34:19 router 548136: Aug 23 07:37:23 MEST: %SEC-6-IPACCESSLOGP: list 101 denied tcp 210.117.126.206(15000) -> xx.xx.7.128(15000), 1 packet
Aug 23 07:34:19 router 548137: Aug 23 07:37:24 MEST: %SEC-6-IPACCESSLOGP: list 107 denied tcp 210.117.126.206(15000) -> xx.xx.7.227(15000), 1 packet
Aug 23 07:37:12 router 548143: Aug 23 07:40:15 MEST: %SEC-6-IPACCESSLOGP: list 103 denied tcp 210.117.126.206(15000) -> xx.xx.74.1(15000), 1 packet
Aug 23 07:37:13 router 548144: Aug 23 07:40:17 MEST: %SEC-6-IPACCESSLOGP: list 103 denied tcp 210.117.126.206(15000) -> xx.xx.74.95(15000), 1 packet

From http://www.thekoala.com/ports.htm I found that it could be
 - 15000 TCP Netdemon

but I'm curious regarding:

- two scan attempts were done (07:37:06 & 07:40:17)
- why was not every host scanned, but only some of them?

Regards

-naif

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
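The two questions in the post (how many sweeps, and which hosts were touched) can be answered directly from the %SEC-6-IPACCESSLOGP lines themselves. Below is an added example, not part of the original message and not a tool from the list or its author, that parses the quoted Cisco IOS ACL log lines, groups probes per source, splits them into sweeps on a time gap, and lists which hosts of each /24 were probed. The year 2002 is taken from the message's Date header (IOS timestamps carry no year), the 60-second sweep gap is an arbitrary threshold chosen here, and the sample input is the post's own log lines embedded verbatim. Two caveats when reading the output: the router's clock and the syslog collector's clock disagree by about three minutes, so the code keys on the router timestamp the post quotes; and IOS logs the first match of an ACL entry immediately but summarises later matches over an interval and can rate-limit logging, so an ACL log is a record of what the router chose to log, not necessarily of every probe that arrived.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample input: the ACL log lines quoted in the post above, verbatim.
SAMPLE_LOG = """\
Aug 23 07:34:02 router 548124: Aug 23 07:37:06 MEST: %SEC-6-IPACCESSLOGP: list 103 denied tcp 210.117.126.206(15000) -> xx.xx.1.1(15000), 1 packet
Aug 23 07:34:03 router 548125: Aug 23 07:37:07 MEST: %SEC-6-IPACCESSLOGP: list 103 denied tcp 210.117.126.206(15000) -> xx.xx.1.102(15000), 1 packet
Aug 23 07:34:04 router 548126: Aug 23 07:37:08 MEST: %SEC-6-IPACCESSLOGP: list 103 denied tcp 210.117.126.206(15000) -> xx.xx.1.204(15000), 1 packet
Aug 23 07:34:05 router 548127: Aug 23 07:37:09 MEST: %SEC-6-IPACCESSLOGP: list 105 denied tcp 210.117.126.206(15000) -> xx.xx.2.49(15000), 1 packet
Aug 23 07:34:06 router 548128: Aug 23 07:37:10 MEST: %SEC-6-IPACCESSLOGP: list 105 denied tcp 210.117.126.206(15000) -> xx.xx.2.151(15000), 1 packet
Aug 23 07:34:07 router 548129: Aug 23 07:37:11 MEST: %SEC-6-IPACCESSLOGP: list 105 denied tcp 210.117.126.206(15000) -> xx.xx.2.248(15000), 1 packet
Aug 23 07:34:10 router 548130: Aug 23 07:37:14 MEST: %SEC-6-IPACCESSLOGP: list 101 denied tcp 210.117.126.206(15000) -> xx.xx.4.1(15000), 1 packet
Aug 23 07:34:11 router 548131: Aug 23 07:37:15 MEST: %SEC-6-IPACCESSLOGP: list 101 denied tcp 210.117.126.206(15000) -> xx.xx.4.103(15000), 1 packet
Aug 23 07:34:12 router 548132: Aug 23 07:37:16 MEST: %SEC-6-IPACCESSLOGP: list 101 denied tcp 210.117.126.206(15000) -> xx.xx.4.202(15000), 1 packet
Aug 23 07:34:15 router 548133: Aug 23 07:37:19 MEST: %SEC-6-IPACCESSLOGP: list 101 denied tcp 210.117.126.206(15000) -> xx.xx.6.1(15000), 1 packet
Aug 23 07:34:16 router 548134: Aug 23 07:37:20 MEST: %SEC-6-IPACCESSLOGP: list 101 denied tcp 210.117.126.206(15000) -> xx.xx.6.100(15000), 1 packet
Aug 23 07:34:17 router 548135: Aug 23 07:37:21 MEST: %SEC-6-IPACCESSLOGP: list 101 denied tcp 210.117.126.206(15000) -> xx.xx.6.201(15000), 1 packet
Aug 23 07:34:19 router 548136: Aug 23 07:37:23 MEST: %SEC-6-IPACCESSLOGP: list 101 denied tcp 210.117.126.206(15000) -> xx.xx.7.128(15000), 1 packet
Aug 23 07:34:19 router 548137: Aug 23 07:37:24 MEST: %SEC-6-IPACCESSLOGP: list 107 denied tcp 210.117.126.206(15000) -> xx.xx.7.227(15000), 1 packet
Aug 23 07:37:12 router 548143: Aug 23 07:40:15 MEST: %SEC-6-IPACCESSLOGP: list 103 denied tcp 210.117.126.206(15000) -> xx.xx.74.1(15000), 1 packet
Aug 23 07:37:13 router 548144: Aug 23 07:40:17 MEST: %SEC-6-IPACCESSLOGP: list 103 denied tcp 210.117.126.206(15000) -> xx.xx.74.95(15000), 1 packet
"""

YEAR = 2002  # assumption: taken from the message's Date header; IOS stamps carry no year

# Each line carries two timestamps: the syslog collector's (first) and the
# router's own clock (second, with zone). They differ by ~3 minutes here, so we
# key on the router clock, which is what the post quotes.
LINE_RE = re.compile(
    r"^(?P<recv>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) \d+: "
    r"(?P<rtr>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<tz>\w+): "
    r"%SEC-6-IPACCESSLOGP: list (?P<acl>\S+) (?P<action>denied|permitted) "
    r"(?P<proto>\w+) (?P<src>[\w.]+)\((?P<sport>\d+)\) -> "
    r"(?P<dst>[\w.]+)\((?P<dport>\d+)\), (?P<count>\d+) packets?$"
)


def parse_acl_log(text):
    """Return one dict per IPACCESSLOGP line; non-matching lines are skipped."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        rec = m.groupdict()
        rec["ts"] = datetime.strptime(f"{YEAR} {rec['rtr']}", "%Y %b %d %H:%M:%S")
        for k in ("sport", "dport", "count"):
            rec[k] = int(rec[k])
        records.append(rec)
    return records


def summarize_by_source(records):
    """Per source: distinct targets, ports, ACLs hit, and whether the source port
    was fixed (a raw-socket scanner artefact; a normal client stack picks an
    ephemeral source port per connection)."""
    by_src = defaultdict(list)
    for r in records:
        by_src[r["src"]].append(r)
    out = {}
    for src, recs in by_src.items():
        sports = {r["sport"] for r in recs}
        out[src] = {
            "dst_count": len({r["dst"] for r in recs}),
            "sports": sorted(sports),
            "dports": sorted({r["dport"] for r in recs}),
            "acls": sorted({r["acl"] for r in recs}),
            "fixed_source_port": len(sports) == 1,
            "sport_equals_dport": all(r["sport"] == r["dport"] for r in recs),
        }
    return out


def split_sweeps(records, gap_seconds=60):
    """Split probes into sweeps wherever consecutive router timestamps are more
    than gap_seconds apart (threshold is an assumption, not a Cisco value)."""
    sweeps, current = [], []
    for r in sorted(records, key=lambda r: r["ts"]):
        if current and (r["ts"] - current[-1]["ts"]).total_seconds() > gap_seconds:
            sweeps.append(current)
            current = []
        current.append(r)
    if current:
        sweeps.append(current)
    return sweeps


def targets_by_net(records):
    """Last octet of every probed host, grouped by /24, to show how the target
    space was sampled rather than swept host by host."""
    nets = defaultdict(set)
    for r in records:
        net, host = r["dst"].rsplit(".", 1)
        nets[net].add(int(host))
    return {net: sorted(hosts) for net, hosts in nets.items()}


if __name__ == "__main__":
    recs = parse_acl_log(SAMPLE_LOG)
    for src, s in summarize_by_source(recs).items():
        print(f"{src}: {s['dst_count']} hosts, sport={s['sports']} dport={s['dports']} "
              f"acls={s['acls']} fixed source port={s['fixed_source_port']}")
        for i, sweep in enumerate(split_sweeps([r for r in recs if r["src"] == src]), 1):
            print(f"  sweep {i}: {sweep[0]['ts']:%H:%M:%S}-{sweep[-1]['ts']:%H:%M:%S}, "
                  f"{len(sweep)} probes")
    for net, hosts in sorted(targets_by_net(recs).items()):
        print(f"  {net}.0/24: hosts {hosts}")
```

On the post's data this reports one source hitting 16 distinct hosts across four ACLs, always from source port 15000 to destination port 15000, in two sweeps separated by about three minutes, with roughly three hosts per /24 spaced about 100 addresses apart. What the log cannot tell you is whether the scanner really sampled the space that sparsely or whether the router simply did not log every probe; that has to be checked against the ACL logging configuration and any other sensor on the same path.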


