increased attacks on port 2599

From: Esler, Joel -- Sytex Contractor (joel.esler@us.army.mil)
Date: 11/21/02

    Date: Thu, 21 Nov 2002 10:23:14 -0500
    From: "Esler, Joel -- Sytex Contractor" <joel.esler@us.army.mil>
    To: incidents@securityfocus.com
    
    

    I have started to notice an increased number of attacks @ port 2599...
    ssh2. Can anyone confirm this, or has anyone seen a new exploit out for this port?

    FWIN,2002/11/21,02:04:36 -5:00 GMT,138.23.59.235:3069,65.80.164.xx:2599,TCP (flags:S)
    FWIN,2002/11/21,02:05:26 -5:00 GMT,66.125.94.236:3169,65.80.164.xx:2599,TCP (flags:S)
    FWIN,2002/11/21,02:07:56 -5:00 GMT,138.23.59.235:3076,65.80.164.xx:2599,TCP (flags:S)
    FWIN,2002/11/21,02:10:50 -5:00 GMT,138.23.59.235:3088,65.80.164.xx:2599,TCP (flags:S)
    FWIN,2002/11/21,02:11:30 -5:00 GMT,138.23.59.235:3092,65.80.164.xx:2599,TCP (flags:S)
    FWIN,2002/11/21,02:11:58 -5:00 GMT,138.23.59.235:3095,65.80.164.xx:2599,TCP (flags:S)
    FWIN,2002/11/21,02:13:22 -5:00 GMT,138.23.59.235:3105,65.80.164.xx:2599,TCP (flags:S)
    FWIN,2002/11/21,02:13:52 -5:00 GMT,138.23.59.235:3108,65.80.164.xx:2599,TCP (flags:S)
    FWIN,2002/11/21,02:17:00 -5:00 GMT,138.23.59.235:3117,65.80.164.xx:2599,TCP (flags:S)
    FWIN,2002/11/21,02:17:50 -5:00 GMT,138.23.59.235:3121,65.80.164.xx:2599,TCP (flags:S)
    FWIN,2002/11/21,02:22:02 -5:00 GMT,138.23.59.235:3133,65.80.164.xx:2599,TCP (flags:S)
    FWIN,2002/11/21,02:22:56 -5:00 GMT,138.23.59.235:3137,65.80.164.xx:2599,TCP (flags:S)
    FWIN,2002/11/21,02:27:02 -5:00 GMT,138.23.59.235:3148,65.80.164.xx:2599,TCP (flags:S)
    FWIN,2002/11/21,02:27:56 -5:00 GMT,138.23.59.235:3152,65.80.164.xx:2599,TCP (flags:S)
    FWIN,2002/11/21,02:28:52 -5:00 GMT,138.23.59.235:3159,65.80.164.xx:2599,TCP (flags:S)
    FWIN,2002/11/21,02:29:50 -5:00 GMT,138.23.59.235:3168,65.80.164.xx:2599,TCP (flags:S)
    FWIN,2002/11/21,02:29:58 -5:00 GMT,138.23.59.235:3171,65.80.164.xx:2599,TCP (flags:S)
    FWIN,2002/11/21,02:30:20 -5:00 GMT,138.23.59.235:3175,65.80.164.xx:2599,TCP (flags:S)
    FWIN,2002/11/21,02:31:26 -5:00 GMT,138.23.59.235:3179,65.80.164.xx:2599,TCP (flags:S)
    FWIN,2002/11/21,02:31:52 -5:00 GMT,152.38.26.111:33651,65.80.164.xx:2599,TCP (flags:S)
    FWIN,2002/11/21,02:36:26 -5:00 GMT,138.23.59.235:3193,65.80.164.xx:2599,TCP (flags:S)
    FWIN,2002/11/21,02:40:52 -5:00 GMT,172.159.203.19:2708,65.80.164.xx:2599,TCP (flags:S)
    FWIN,2002/11/21,02:41:28 -5:00 GMT,138.23.59.235:3214,65.80.164.xx:2599,TCP (flags:S)
    FWIN,2002/11/21,02:45:36 -5:00 GMT,138.23.59.235:3225,65.80.164.xx:2599,TCP (flags:S)
    FWIN,2002/11/21,02:46:10 -5:00 GMT,138.23.59.235:3229,65.80.164.xx:2599,TCP (flags:S)
    FWIN,2002/11/21,02:46:40 -5:00 GMT,138.23.59.235:3235,65.80.164.xx:2599,TCP (flags:S)
    FWIN,2002/11/21,02:47:18 -5:00 GMT,138.23.59.235:3239,65.80.164.xx:2599,TCP (flags:S)
    FWIN,2002/11/21,02:50:32 -5:00 GMT,138.23.59.235:3251,65.80.164.xx:2599,TCP (flags:S)
    FWIN,2002/11/21,02:55:34 -5:00 GMT,138.23.59.235:3264,65.80.164.xx:2599,TCP (flags:S)
    FWIN,2002/11/21,02:56:04 -5:00 GMT,138.23.59.235:3267,65.80.164.xx:2599,TCP (flags:S)
    FWIN,2002/11/21,02:56:36 -5:00 GMT,138.23.59.235:3271,65.80.164.xx:2599,TCP (flags:S)
    FWIN,2002/11/21,02:57:24 -5:00 GMT,138.23.59.235:3275,65.80.164.xx:2599,TCP (flags:S)
    FWIN,2002/11/21,03:05:40 -5:00 GMT,129.71.156.115:44307,65.80.164xx:2599,TCP (flags:S)
    FWIN,2002/11/21,03:34:10 -5:00 GMT,152.38.26.111:41467,65.80.164.xx:2599,TCP (flags:S)
    FWIN,2002/11/21,03:51:42 -5:00 GMT,152.38.26.111:43364,65.80.164.xx:2599,TCP (flags:S)
    FWIN,2002/11/21,06:54:36 -5:00 GMT,172.132.176.78:2102,65.80.164.xx:2599,TCP (flags:S)
    FWIN,2002/11/21,08:05:26 -5:00 GMT,129.71.156.115:36744,65.80.164.xx:2599,TCP (flags:S)
    FWIN,2002/11/21,09:00:08 -5:00 GMT,172.159.203.19:2133,65.80.164.xx:2599,TCP (flags:S)

    Any thoughts?

    ---
    Outgoing mail is certified Virus Free.
    Checked by AVG anti-virus system (http://www.grisoft.com).
    Version: 6.0.419 / Virus Database: 235 - Release Date: 11/13/2002
    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see: http://aris.securityfocus.com
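
One way to triage a log like the one in this message is to group the inbound SYNs by source and look at how often each source retries. The following is an added example, not part of the original post; the `ENTRY` pattern and `summarize` function are hypothetical names written against the FWIN line layout shown above, and `SAMPLE` is a short excerpt of the posted lines with mail-style line wraps kept.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import median

# Excerpt of the posted log; records may be wrapped at different points.
SAMPLE = """\
FWIN,2002/11/21,02:04:36 -5:00 GMT,138.23.59.235:3069,65.80.164.xx:2599,TCP
(flags:S)
FWIN,2002/11/21,02:05:26 -5:00 GMT,66.125.94.236:3169,65.80.164.xx:2599,TCP
(flags:S)
FWIN,2002/11/21,02:07:56 -5:00 GMT,138.23.59.235:3076,65.80.164.xx:2599,TCP
(flags:S)
FWIN,2002/11/21,03:05:40 -5:00 GMT,129.71.156.115:44307,65.80.164xx:2599,TCP
(flags:S)
FWIN,2002/11/21,08:05:26 -5:00
GMT,129.71.156.115:36744,65.80.164.xx:2599,TCP (flags:S)
"""

# Destination host is matched loosely because it is masked in the post.
ENTRY = re.compile(
    r"FWIN,(?P<date>\d{4}/\d\d/\d\d),(?P<time>\d\d:\d\d:\d\d) \S+ GMT,"
    r"(?P<src>[\d.]+):(?P<sport>\d+),(?P<dst>[^,:]+):(?P<dport>\d+),"
    r"(?P<proto>\w+) \(flags:(?P<flags>\w+)\)"
)

def summarize(text, port=2599):
    """Per-source SYN count, first/last seen and median retry gap in seconds."""
    seen = defaultdict(list)
    # Collapsing whitespace rejoins records wherever the mail client wrapped them.
    for m in ENTRY.finditer(" ".join(text.split())):
        if int(m["dport"]) == port and m["proto"] == "TCP" and m["flags"] == "S":
            stamp = f'{m["date"]} {m["time"]}'
            seen[m["src"]].append(datetime.strptime(stamp, "%Y/%m/%d %H:%M:%S"))
    report = {}
    for src, times in seen.items():
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        report[src] = {"syns": len(times), "first": times[0], "last": times[-1],
                       "median_gap_s": median(gaps) if gaps else None}
    return report

if __name__ == "__main__":
    for src, row in sorted(summarize(SAMPLE).items(), key=lambda kv: -kv[1]["syns"]):
        print(src, row["syns"], row["first"].time(), row["last"].time(), row["median_gap_s"])
```
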
    

