RE: increased attacks on port 2599

From: Esler, Joel -- Sytex Contractor (joel.esler@us.army.mil)
Date: 11/23/02

Next message: Joswiak, Johnny G.: "RE: FTP and Win2K changed security policy"

Previous message: Krueger Lawrence: "RE: Port 1080"
In reply to: H C: "Re: increased attacks on port 2599"
Next in thread: H C: "RE: increased attacks on port 2599"
Reply: H C: "RE: increased attacks on port 2599"
Reply: gminick: "Re: increased attacks on port 2599"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Sat, 23 Nov 2002 17:41:12 -0500
From: "Esler, Joel -- Sytex Contractor" <joel.esler@us.army.mil>
To: H C <keydet89@yahoo.com>, incidents@securityfocus.com

well I don't have whole captures of the packets. But something was trying
to connect to TCP port 2599. I don't know what that is.

-----Original Message-----
From: H C [mailto:keydet89@yahoo.com]
Sent: Saturday, November 23, 2002 9:05 AM
To: Esler, Joel -- Sytex Contractor; incidents@securityfocus.com
Subject: Re: increased attacks on port 2599

Joel,

All I see are SYN packets...where are the 'attacks'
you mention?

--- "Esler, Joel -- Sytex Contractor"
<joel.esler@us.army.mil> wrote:
> I have started to notice an increased amount of
> attacks @ port 2599...
> ssh2. Can anyone confirm this, or has seen a new
> exploit out for this port?
>
> FWIN,2002/11/21,02:04:36 -5:00
> GMT,138.23.59.235:3069,65.80.164.xx:2599,TCP
> (flags:S)
> FWIN,2002/11/21,02:05:26 -5:00
> GMT,66.125.94.236:3169,65.80.164.xx:2599,TCP
> (flags:S)
> FWIN,2002/11/21,02:07:56 -5:00
> GMT,138.23.59.235:3076,65.80.164.xx:2599,TCP
> (flags:S)
> FWIN,2002/11/21,02:10:50 -5:00
> GMT,138.23.59.235:3088,65.80.164.xx:2599,TCP
> (flags:S)
> FWIN,2002/11/21,02:11:30 -5:00
> GMT,138.23.59.235:3092,65.80.164.xx:2599,TCP
> (flags:S)
> FWIN,2002/11/21,02:11:58 -5:00
> GMT,138.23.59.235:3095,65.80.164.xx:2599,TCP
> (flags:S)
> FWIN,2002/11/21,02:13:22 -5:00
> GMT,138.23.59.235:3105,65.80.164.xx:2599,TCP
> (flags:S)
> FWIN,2002/11/21,02:13:52 -5:00
> GMT,138.23.59.235:3108,65.80.164.xx:2599,TCP
> (flags:S)
> FWIN,2002/11/21,02:17:00 -5:00
> GMT,138.23.59.235:3117,65.80.164.xx:2599,TCP
> (flags:S)
> FWIN,2002/11/21,02:17:50 -5:00
> GMT,138.23.59.235:3121,65.80.164.xx:2599,TCP
> (flags:S)
> FWIN,2002/11/21,02:22:02 -5:00
> GMT,138.23.59.235:3133,65.80.164.xx:2599,TCP
> (flags:S)
> FWIN,2002/11/21,02:22:56 -5:00
> GMT,138.23.59.235:3137,65.80.164.xx:2599,TCP
> (flags:S)
> FWIN,2002/11/21,02:27:02 -5:00
> GMT,138.23.59.235:3148,65.80.164.xx:2599,TCP
> (flags:S)
> FWIN,2002/11/21,02:27:56 -5:00
> GMT,138.23.59.235:3152,65.80.164.xx:2599,TCP
> (flags:S)
> FWIN,2002/11/21,02:28:52 -5:00
> GMT,138.23.59.235:3159,65.80.164.xx:2599,TCP
> (flags:S)
> FWIN,2002/11/21,02:29:50 -5:00
> GMT,138.23.59.235:3168,65.80.164.xx:2599,TCP
> (flags:S)
> FWIN,2002/11/21,02:29:58 -5:00
> GMT,138.23.59.235:3171,65.80.164.xx:2599,TCP
> (flags:S)
> FWIN,2002/11/21,02:30:20 -5:00
> GMT,138.23.59.235:3175,65.80.164.xx:2599,TCP
> (flags:S)
> FWIN,2002/11/21,02:31:26 -5:00
> GMT,138.23.59.235:3179,65.80.164.xx:2599,TCP
> (flags:S)
> FWIN,2002/11/21,02:31:52 -5:00
> GMT,152.38.26.111:33651,65.80.164.xx:2599,TCP
> (flags:S)
> FWIN,2002/11/21,02:36:26 -5:00
> GMT,138.23.59.235:3193,65.80.164.xx:2599,TCP
> (flags:S)
> FWIN,2002/11/21,02:40:52 -5:00
> GMT,172.159.203.19:2708,65.80.164.xx:2599,TCP
> (flags:S)
> FWIN,2002/11/21,02:41:28 -5:00
> GMT,138.23.59.235:3214,65.80.164.xx:2599,TCP
> (flags:S)
> FWIN,2002/11/21,02:45:36 -5:00
> GMT,138.23.59.235:3225,65.80.164.xx:2599,TCP
> (flags:S)
> FWIN,2002/11/21,02:46:10 -5:00
> GMT,138.23.59.235:3229,65.80.164.xx:2599,TCP
> (flags:S)
> FWIN,2002/11/21,02:46:40 -5:00
> GMT,138.23.59.235:3235,65.80.164.xx:2599,TCP
> (flags:S)
> FWIN,2002/11/21,02:47:18 -5:00
> GMT,138.23.59.235:3239,65.80.164.xx:2599,TCP
> (flags:S)
> FWIN,2002/11/21,02:50:32 -5:00
> GMT,138.23.59.235:3251,65.80.164.xx:2599,TCP
> (flags:S)
> FWIN,2002/11/21,02:55:34 -5:00
> GMT,138.23.59.235:3264,65.80.164.xx:2599,TCP
> (flags:S)
> FWIN,2002/11/21,02:56:04 -5:00
> GMT,138.23.59.235:3267,65.80.164.xx:2599,TCP
> (flags:S)
> FWIN,2002/11/21,02:56:36 -5:00
> GMT,138.23.59.235:3271,65.80.164.xx:2599,TCP
> (flags:S)
> FWIN,2002/11/21,02:57:24 -5:00
> GMT,138.23.59.235:3275,65.80.164.xx:2599,TCP
> (flags:S)
> FWIN,2002/11/21,03:05:40 -5:00
> GMT,129.71.156.115:44307,65.80.164xx:2599,TCP
> (flags:S)
> FWIN,2002/11/21,03:34:10 -5:00
> GMT,152.38.26.111:41467,65.80.164.xx:2599,TCP
> (flags:S)
> FWIN,2002/11/21,03:51:42 -5:00
> GMT,152.38.26.111:43364,65.80.164.xx:2599,TCP
> (flags:S)
> FWIN,2002/11/21,06:54:36 -5:00
> GMT,172.132.176.78:2102,65.80.164.xx:2599,TCP
> (flags:S)
> FWIN,2002/11/21,08:05:26 -5:00
> GMT,129.71.156.115:36744,65.80.164.xx:2599,TCP
> (flags:S)
> FWIN,2002/11/21,09:00:08 -5:00
> GMT,172.159.203.19:2133,65.80.164.xx:2599,TCP
> (flags:S)
>
>
> Any thoughts?
> ---
> Outgoing mail is certified Virus Free.
> Checked by AVG anti-virus system
> (http://www.grisoft.com).
> Version: 6.0.419 / Virus Database: 235 - Release
> Date: 11/13/2002
>
>
>
----------------------------------------------------------------------------
> This list is provided by the SecurityFocus ARIS
> analyzer service.
> For more information on this free incident handling,
> management
> and tracking system please see:
> http://aris.securityfocus.com
>

__________________________________________________
Do you Yahoo!?
Yahoo! Mail Plus Powerful. Affordable. Sign up now.
http://mailplus.yahoo.com

---
Incoming mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.419 / Virus Database: 235 - Release Date: 11/13/2002
---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.419 / Virus Database: 235 - Release Date: 11/13/2002
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Next message: Joswiak, Johnny G.: "RE: FTP and Win2K changed security policy"
Previous message: Krueger Lawrence: "RE: Port 1080"
In reply to: H C: "Re: increased attacks on port 2599"
Next in thread: H C: "RE: increased attacks on port 2599"
Reply: H C: "RE: increased attacks on port 2599"
Reply: gminick: "Re: increased attacks on port 2599"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

RE: dijkstra algorithm by object oriented
... But i don't know if i'm going in the rigth way. ... Incoming mail is certified Virus Free. ... Checked by AVG anti-virus system. ... Outgoing mail is certified Virus Free. ...
(comp.lang.python)
Re: temp file
... > "Kees Spierings" wrote in message ... > Outgoing mail is certified Virus Free. ... > Checked by AVG anti-virus system. ...
(microsoft.public.windowsxp.perform_maintain)
Re: Printing Excel object
... >>Then copy and paste into Publisher. ... >>>>Outgoing mail is certified Virus Free. ... >>>>Checked by AVG anti-virus system ... >>Outgoing mail is certified Virus Free. ...
(microsoft.public.publisher)
Re: Array limit
... > It's easier to beg forgiveness than ask permission :-) ... > Outgoing mail is certified Virus Free. ... > Checked by AVG anti-virus system. ...
(microsoft.public.excel.programming)
Re: File size huge but file is empty
... "Gaggsy" wrote in message ... Outgoing mail is certified Virus Free. ... Checked by AVG anti-virus system. ...
(microsoft.public.excel.misc)