Re: increased attacks on port 2599

From: H C (keydet89@yahoo.com)
Date: 11/23/02

    Date: Sat, 23 Nov 2002 06:05:20 -0800 (PST)
    From: H C <keydet89@yahoo.com>
    To: "Esler, Joel -- Sytex Contractor" <joel.esler@us.army.mil>, incidents@securityfocus.com
    
    

    Joel,

    All I see are SYN packets...where are the 'attacks'
    you mention?

    --- "Esler, Joel -- Sytex Contractor"
    <joel.esler@us.army.mil> wrote:
    > I have started to notice an increased amount of
    > attacks @ port 2599...
    > ssh2. Can anyone confirm this, or has seen a new
    > exploit out for this port?
    >
    > FWIN,2002/11/21,02:04:36 -5:00
    > GMT,138.23.59.235:3069,65.80.164.xx:2599,TCP
    > (flags:S)
    > FWIN,2002/11/21,02:05:26 -5:00
    > GMT,66.125.94.236:3169,65.80.164.xx:2599,TCP
    > (flags:S)
    > FWIN,2002/11/21,02:07:56 -5:00
    > GMT,138.23.59.235:3076,65.80.164.xx:2599,TCP
    > (flags:S)
    > FWIN,2002/11/21,02:10:50 -5:00
    > GMT,138.23.59.235:3088,65.80.164.xx:2599,TCP
    > (flags:S)
    > FWIN,2002/11/21,02:11:30 -5:00
    > GMT,138.23.59.235:3092,65.80.164.xx:2599,TCP
    > (flags:S)
    > FWIN,2002/11/21,02:11:58 -5:00
    > GMT,138.23.59.235:3095,65.80.164.xx:2599,TCP
    > (flags:S)
    > FWIN,2002/11/21,02:13:22 -5:00
    > GMT,138.23.59.235:3105,65.80.164.xx:2599,TCP
    > (flags:S)
    > FWIN,2002/11/21,02:13:52 -5:00
    > GMT,138.23.59.235:3108,65.80.164.xx:2599,TCP
    > (flags:S)
    > FWIN,2002/11/21,02:17:00 -5:00
    > GMT,138.23.59.235:3117,65.80.164.xx:2599,TCP
    > (flags:S)
    > FWIN,2002/11/21,02:17:50 -5:00
    > GMT,138.23.59.235:3121,65.80.164.xx:2599,TCP
    > (flags:S)
    > FWIN,2002/11/21,02:22:02 -5:00
    > GMT,138.23.59.235:3133,65.80.164.xx:2599,TCP
    > (flags:S)
    > FWIN,2002/11/21,02:22:56 -5:00
    > GMT,138.23.59.235:3137,65.80.164.xx:2599,TCP
    > (flags:S)
    > FWIN,2002/11/21,02:27:02 -5:00
    > GMT,138.23.59.235:3148,65.80.164.xx:2599,TCP
    > (flags:S)
    > FWIN,2002/11/21,02:27:56 -5:00
    > GMT,138.23.59.235:3152,65.80.164.xx:2599,TCP
    > (flags:S)
    > FWIN,2002/11/21,02:28:52 -5:00
    > GMT,138.23.59.235:3159,65.80.164.xx:2599,TCP
    > (flags:S)
    > FWIN,2002/11/21,02:29:50 -5:00
    > GMT,138.23.59.235:3168,65.80.164.xx:2599,TCP
    > (flags:S)
    > FWIN,2002/11/21,02:29:58 -5:00
    > GMT,138.23.59.235:3171,65.80.164.xx:2599,TCP
    > (flags:S)
    > FWIN,2002/11/21,02:30:20 -5:00
    > GMT,138.23.59.235:3175,65.80.164.xx:2599,TCP
    > (flags:S)
    > FWIN,2002/11/21,02:31:26 -5:00
    > GMT,138.23.59.235:3179,65.80.164.xx:2599,TCP
    > (flags:S)
    > FWIN,2002/11/21,02:31:52 -5:00
    > GMT,152.38.26.111:33651,65.80.164.xx:2599,TCP
    > (flags:S)
    > FWIN,2002/11/21,02:36:26 -5:00
    > GMT,138.23.59.235:3193,65.80.164.xx:2599,TCP
    > (flags:S)
    > FWIN,2002/11/21,02:40:52 -5:00
    > GMT,172.159.203.19:2708,65.80.164.xx:2599,TCP
    > (flags:S)
    > FWIN,2002/11/21,02:41:28 -5:00
    > GMT,138.23.59.235:3214,65.80.164.xx:2599,TCP
    > (flags:S)
    > FWIN,2002/11/21,02:45:36 -5:00
    > GMT,138.23.59.235:3225,65.80.164.xx:2599,TCP
    > (flags:S)
    > FWIN,2002/11/21,02:46:10 -5:00
    > GMT,138.23.59.235:3229,65.80.164.xx:2599,TCP
    > (flags:S)
    > FWIN,2002/11/21,02:46:40 -5:00
    > GMT,138.23.59.235:3235,65.80.164.xx:2599,TCP
    > (flags:S)
    > FWIN,2002/11/21,02:47:18 -5:00
    > GMT,138.23.59.235:3239,65.80.164.xx:2599,TCP
    > (flags:S)
    > FWIN,2002/11/21,02:50:32 -5:00
    > GMT,138.23.59.235:3251,65.80.164.xx:2599,TCP
    > (flags:S)
    > FWIN,2002/11/21,02:55:34 -5:00
    > GMT,138.23.59.235:3264,65.80.164.xx:2599,TCP
    > (flags:S)
    > FWIN,2002/11/21,02:56:04 -5:00
    > GMT,138.23.59.235:3267,65.80.164.xx:2599,TCP
    > (flags:S)
    > FWIN,2002/11/21,02:56:36 -5:00
    > GMT,138.23.59.235:3271,65.80.164.xx:2599,TCP
    > (flags:S)
    > FWIN,2002/11/21,02:57:24 -5:00
    > GMT,138.23.59.235:3275,65.80.164.xx:2599,TCP
    > (flags:S)
    > FWIN,2002/11/21,03:05:40 -5:00
    > GMT,129.71.156.115:44307,65.80.164xx:2599,TCP
    > (flags:S)
    > FWIN,2002/11/21,03:34:10 -5:00
    > GMT,152.38.26.111:41467,65.80.164.xx:2599,TCP
    > (flags:S)
    > FWIN,2002/11/21,03:51:42 -5:00
    > GMT,152.38.26.111:43364,65.80.164.xx:2599,TCP
    > (flags:S)
    > FWIN,2002/11/21,06:54:36 -5:00
    > GMT,172.132.176.78:2102,65.80.164.xx:2599,TCP
    > (flags:S)
    > FWIN,2002/11/21,08:05:26 -5:00
    > GMT,129.71.156.115:36744,65.80.164.xx:2599,TCP
    > (flags:S)
    > FWIN,2002/11/21,09:00:08 -5:00
    > GMT,172.159.203.19:2133,65.80.164.xx:2599,TCP
    > (flags:S)
    >
    >
    > Any thoughts?
    > ----------------------------------------------------------------------------
    > This list is provided by the SecurityFocus ARIS
    > analyzer service.
    > For more information on this free incident handling,
    > management
    > and tracking system please see:
    > http://aris.securityfocus.com
    >


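The question in this thread is whether a run of blocked inbound SYNs to one port is evidence of an exploit, and the reply's point is that a SYN by itself is only a connection attempt. The script below is an added example, not code from either poster: it parses the FWIN records quoted above (the record layout is ZoneAlarm's firewall log format), groups them by source, and reports what a defender would check first: how many attempts each source made, over what interval, whether the TCP flags are ever anything other than a bare SYN, and whether a single source's ephemeral ports climb monotonically (one host retrying) rather than scatter. The sample input embeds a handful of the quoted records, one line with the masked-destination typo as it appears in the mail, plus two constructed lines (an RFC 1918 source with an ACK-only flag set, and a non-record line) to show how the parser handles anything that is not a plain SYN. The function names and the report structure are this example's own.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Sample records taken from the quoted firewall log (each record is wrapped
# over three lines in the mail; here one record per line). The destination
# octet is masked as "xx" in the original, and one line keeps the original's
# "65.80.164xx" typo. The 10.0.0.5 record and the last line are constructed.
SAMPLE_LOG = """\
FWIN,2002/11/21,02:04:36 -5:00 GMT,138.23.59.235:3069,65.80.164.xx:2599,TCP (flags:S)
FWIN,2002/11/21,02:05:26 -5:00 GMT,66.125.94.236:3169,65.80.164.xx:2599,TCP (flags:S)
FWIN,2002/11/21,02:07:56 -5:00 GMT,138.23.59.235:3076,65.80.164.xx:2599,TCP (flags:S)
FWIN,2002/11/21,02:10:50 -5:00 GMT,138.23.59.235:3088,65.80.164.xx:2599,TCP (flags:S)
FWIN,2002/11/21,02:31:52 -5:00 GMT,152.38.26.111:33651,65.80.164.xx:2599,TCP (flags:S)
FWIN,2002/11/21,02:40:52 -5:00 GMT,172.159.203.19:2708,65.80.164.xx:2599,TCP (flags:S)
FWIN,2002/11/21,02:50:00 -5:00 GMT,10.0.0.5:4000,65.80.164.xx:2599,TCP (flags:A)
FWIN,2002/11/21,03:05:40 -5:00 GMT,129.71.156.115:44307,65.80.164xx:2599,TCP (flags:S)
FWIN,2002/11/21,09:00:08 -5:00 GMT,172.159.203.19:2133,65.80.164.xx:2599,TCP (flags:S)
this line is not a firewall record
"""

# One FWIN record: event,date,time offset GMT,src:sport,dst:dport,PROTO (flags:X)
RECORD_RE = re.compile(
    r"^(?P<event>FW\w+),"
    r"(?P<date>\d{4}/\d{2}/\d{2}),"
    r"(?P<time>\d{2}:\d{2}:\d{2}) (?P<utc_off>[+-]\d{1,2}:\d{2}) GMT,"
    r"(?P<src>[^:,]+):(?P<sport>\d+),"
    r"(?P<dst>[^:,]+):(?P<dport>\d+),"
    r"(?P<proto>[A-Z]+) \(flags:(?P<flags>[A-Z]*)\)$"
)


def parse_record(line):
    """Parse one FWIN record into a dict; return None for anything else."""
    m = RECORD_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    # The timestamp is local time with an explicit UTC offset; normalise to
    # naive UTC so intervals between records can be computed directly.
    local = datetime.strptime(f"{rec['date']} {rec['time']}", "%Y/%m/%d %H:%M:%S")
    sign = -1 if rec["utc_off"].startswith("-") else 1
    hh, mm = rec["utc_off"].lstrip("+-").split(":")
    rec["utc"] = local - sign * timedelta(hours=int(hh), minutes=int(mm))
    rec["sport"] = int(rec["sport"])
    rec["dport"] = int(rec["dport"])
    return rec


def triage(log_text, port):
    """Group blocked inbound records for `port` by source address.

    Returns (report, unparsed_count). Each report entry records how many
    attempts the source made, the set of TCP flags seen, the interval between
    its first and last attempt, whether every attempt was a bare SYN, and
    whether its source ports climb monotonically (one client retrying).
    """
    sources = defaultdict(list)
    unparsed = 0
    for line in log_text.splitlines():
        rec = parse_record(line)
        if rec is None:
            if line.strip():
                unparsed += 1
            continue
        if rec["dport"] == port:
            sources[rec["src"]].append(rec)

    report = {}
    for src, recs in sources.items():
        recs.sort(key=lambda r: r["utc"])
        flags = {r["flags"] for r in recs}
        sports = [r["sport"] for r in recs]
        span = recs[-1]["utc"] - recs[0]["utc"]
        report[src] = {
            "count": len(recs),
            "flags": flags,
            "span_seconds": int(span.total_seconds()),
            "syn_only": flags == {"S"},
            "ascending_sports": sports == sorted(sports),
        }
    return report, unparsed


def needs_followup(report):
    """Sources whose records are not all bare SYNs: those are the flows worth
    pulling packet captures for. A SYN alone is a connection attempt that the
    firewall dropped; it carries no payload and cannot by itself be an exploit."""
    return sorted(src for src, info in report.items() if not info["syn_only"])


if __name__ == "__main__":
    report, unparsed = triage(SAMPLE_LOG, 2599)
    for src, info in sorted(report.items(), key=lambda kv: -kv[1]["count"]):
        print(f"{src:16} attempts={info['count']:3} flags={sorted(info['flags'])} "
              f"span={info['span_seconds']}s syn_only={info['syn_only']} "
              f"ascending_sports={info['ascending_sports']}")
    print(f"unparsed lines: {unparsed}")
    print("follow up on:", needs_followup(report) or "nothing; SYNs only")
```

Run against the full quoted log, the report shows one source (138.23.59.235) accounting for most of the attempts with steadily increasing ephemeral ports over roughly fifty minutes, a handful of other sources with one to three attempts each, and every record carrying only the S flag, which is the observation behind the reply.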


