RE: increased attacks on port 2599
From: H C (keydet89@yahoo.com)
Date: 11/24/02
Date: Sun, 24 Nov 2002 07:14:05 -0800 (PST)
From: H C <keydet89@yahoo.com>
To: "Esler, Joel -- Sytex Contractor" <joel.esler@us.army.mil>, incidents@securityfocus.com
Joel,
Did you do a search of any kind? A quick and simple
Google search turned up Meridian Data (SNAP servers at
meridian-data.com).
--- "Esler, Joel -- Sytex Contractor"
<joel.esler@us.army.mil> wrote:
> Well, I don't have whole captures of the packets.
> But something was trying to connect to TCP port 2599.
> I don't know what that is.
>
> -----Original Message-----
> From: H C [mailto:keydet89@yahoo.com]
> Sent: Saturday, November 23, 2002 9:05 AM
> To: Esler, Joel -- Sytex Contractor;
> incidents@securityfocus.com
> Subject: Re: increased attacks on port 2599
>
>
> Joel,
>
> All I see are SYN packets...where are the 'attacks'
> you mention?
>
>
> --- "Esler, Joel -- Sytex Contractor"
> <joel.esler@us.army.mil> wrote:
> > I have started to notice an increased amount of
> > attacks @ port 2599...
> > ssh2. Can anyone confirm this, or has seen a new
> > exploit out for this port?
> >
> > FWIN,2002/11/21,02:04:36 -5:00 GMT,138.23.59.235:3069,65.80.164.xx:2599,TCP (flags:S)
> > FWIN,2002/11/21,02:05:26 -5:00 GMT,66.125.94.236:3169,65.80.164.xx:2599,TCP (flags:S)
> > FWIN,2002/11/21,02:07:56 -5:00 GMT,138.23.59.235:3076,65.80.164.xx:2599,TCP (flags:S)
> > FWIN,2002/11/21,02:10:50 -5:00 GMT,138.23.59.235:3088,65.80.164.xx:2599,TCP (flags:S)
> > FWIN,2002/11/21,02:11:30 -5:00 GMT,138.23.59.235:3092,65.80.164.xx:2599,TCP (flags:S)
> > FWIN,2002/11/21,02:11:58 -5:00 GMT,138.23.59.235:3095,65.80.164.xx:2599,TCP (flags:S)
> > FWIN,2002/11/21,02:13:22 -5:00 GMT,138.23.59.235:3105,65.80.164.xx:2599,TCP (flags:S)
> > FWIN,2002/11/21,02:13:52 -5:00 GMT,138.23.59.235:3108,65.80.164.xx:2599,TCP (flags:S)
> > FWIN,2002/11/21,02:17:00 -5:00 GMT,138.23.59.235:3117,65.80.164.xx:2599,TCP (flags:S)
> > FWIN,2002/11/21,02:17:50 -5:00 GMT,138.23.59.235:3121,65.80.164.xx:2599,TCP (flags:S)
> > FWIN,2002/11/21,02:22:02 -5:00 GMT,138.23.59.235:3133,65.80.164.xx:2599,TCP (flags:S)
> > FWIN,2002/11/21,02:22:56 -5:00 GMT,138.23.59.235:3137,65.80.164.xx:2599,TCP (flags:S)
> > FWIN,2002/11/21,02:27:02 -5:00 GMT,138.23.59.235:3148,65.80.164.xx:2599,TCP (flags:S)
> > FWIN,2002/11/21,02:27:56 -5:00 GMT,138.23.59.235:3152,65.80.164.xx:2599,TCP (flags:S)
> > FWIN,2002/11/21,02:28:52 -5:00 GMT,138.23.59.235:3159,65.80.164.xx:2599,TCP (flags:S)
> > FWIN,2002/11/21,02:29:50 -5:00 GMT,138.23.59.235:3168,65.80.164.xx:2599,TCP (flags:S)
> > FWIN,2002/11/21,02:29:58 -5:00 GMT,138.23.59.235:3171,65.80.164.xx:2599,TCP (flags:S)
> > FWIN,2002/11/21,02:30:20 -5:00 GMT,138.23.59.235:3175,65.80.164.xx:2599,TCP (flags:S)
> > FWIN,2002/11/21,02:31:26 -5:00 GMT,138.23.59.235:3179,65.80.164.xx:2599,TCP (flags:S)
> > FWIN,2002/11/21,02:31:52 -5:00 GMT,152.38.26.111:33651,65.80.164.xx:2599,TCP (flags:S)
> > FWIN,2002/11/21,02:36:26 -5:00 GMT,138.23.59.235:3193,65.80.164.xx:2599,TCP (flags:S)
> > FWIN,2002/11/21,02:40:52 -5:00 GMT,172.159.203.19:2708,65.80.164.xx:2599,TCP (flags:S)
> > FWIN,2002/11/21,02:41:28 -5:00 GMT,138.23.59.235:3214,65.80.164.xx:2599,TCP (flags:S)
> > FWIN,2002/11/21,02:45:36 -5:00 GMT,138.23.59.235:3225,65.80.164.xx:2599,TCP (flags:S)
> > FWIN,2002/11/21,02:46:10 -5:00 GMT,138.23.59.235:3229,65.80.164.xx:2599,TCP (flags:S)
> > FWIN,2002/11/21,02:46:40 -5:00 GMT,138.23.59.235:3235,65.80.164.xx:2599,TCP (flags:S)
> > FWIN,2002/11/21,02:47:18 -5:00 GMT,138.23.59.235:3239,65.80.164.xx:2599,TCP (flags:S)
> > FWIN,2002/11/21,02:50:32 -5:00 GMT,138.23.59.235:3251,65.80.164.xx:2599,TCP (flags:S)
> > FWIN,2002/11/21,02:55:34 -5:00 GMT,138.23.59.235:3264,65.80.164.xx:2599,TCP (flags:S)
> > FWIN,2002/11/21,02:56:04 -5:00 GMT,138.23.59.235:3267,65.80.164.xx:2599,TCP (flags:S)
> > FWIN,2002/11/21,02:56:36 -5:00 GMT,138.23.59.235:3271,65.80.164.xx:2599,TCP (flags:S)
> > FWIN,2002/11/21,02:57:24 -5:00 GMT,138.23.59.235:3275,65.80.164.xx:2599,TCP (flags:S)
> > FWIN,2002/11/21,03:05:40 -5:00 GMT,129.71.156.115:44307,65.80.164xx:2599,TCP (flags:S)
> > FWIN,2002/11/21,03:34:10 -5:00 GMT,152.38.26.111:41467,65.80.164.xx:2599,TCP (flags:S)
> > FWIN,2002/11/21,03:51:42 -5:00 GMT,152.38.26.111:43364,65.80.164.xx:2599,TCP (flags:S)
> > FWIN,2002/11/21,06:54:36 -5:00 GMT,172.132.176.78:2102,65.80.164.xx:2599,TCP (flags:S)
> > FWIN,2002/11/21,08:05:26 -5:00 GMT,129.71.156.115:36744,65.80.164.xx:2599,TCP (flags:S)
> > FWIN,2002/11/21,09:00:08 -5:00 GMT,172.159.203.19:2133,65.80.164.xx:2599,TCP (flags:S)
> >
> >
> > Any thoughts?
> > ---
> > Outgoing mail is certified Virus Free.
> > Checked by AVG anti-virus system
> > (http://www.grisoft.com).
> > Version: 6.0.419 / Virus Database: 235 - Release
> > Date: 11/13/2002
> >
> >
> >
> __________________________________________________
> Do you Yahoo!?
> Yahoo! Mail Plus Powerful. Affordable. Sign up
> now.
> http://mailplus.yahoo.com
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
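
Added example, not part of the original thread: a small parser for the FWIN firewall log quoted in this message, which tallies entries per source address and the TCP flags seen, the check behind the remark that the log shows only SYN packets. The sample is five entries from that log, embedded in `>`-quoted, line-wrapped form as a mail client would deliver them; the field names (`src`, `sport`, `dst`, `dport`, `flags`) are labels chosen here, not documented names for the log format.

```python
import re
from collections import defaultdict
from datetime import datetime

# Five entries taken from the log quoted in the thread, mail-quoted and wrapped.
SAMPLE = """\
> > FWIN,2002/11/21,02:04:36 -5:00
> > GMT,138.23.59.235:3069,65.80.164.xx:2599,TCP
> > (flags:S)
> > FWIN,2002/11/21,02:05:26 -5:00
> > GMT,66.125.94.236:3169,65.80.164.xx:2599,TCP
> > (flags:S)
> > FWIN,2002/11/21,02:07:56 -5:00
> > GMT,138.23.59.235:3076,65.80.164.xx:2599,TCP
> > (flags:S)
> > FWIN,2002/11/21,02:31:52 -5:00
> > GMT,152.38.26.111:33651,65.80.164.xx:2599,TCP
> > (flags:S)
> > FWIN,2002/11/21,03:34:10 -5:00
> > GMT,152.38.26.111:41467,65.80.164.xx:2599,TCP
> > (flags:S)
"""

ENTRY = re.compile(
    r"FWIN,(?P<date>\d{4}/\d\d/\d\d),(?P<time>\d\d:\d\d:\d\d) \S+ GMT,"
    r"(?P<src>[\d.]+):(?P<sport>\d+),(?P<dst>[\w.]+):(?P<dport>\d+),"
    r"(?P<proto>\w+) \(flags:(?P<flags>\w+)\)")

def parse(text):
    """Strip '>' quoting, undo the line wrapping, return one dict per entry."""
    flat = " ".join(re.sub(r"^[>\s]+", "", ln) for ln in text.splitlines())
    out = [m.groupdict() for m in ENTRY.finditer(flat)]
    for e in out:
        e["when"] = datetime.strptime(e["date"] + " " + e["time"], "%Y/%m/%d %H:%M:%S")
    return out

def summarize(entries):
    """Per source: packet count, TCP flag sets seen, first-to-last span in seconds."""
    by_src = defaultdict(list)
    for e in entries:
        by_src[e["src"]].append(e)
    return {src: {"count": len(es),
                  "flags": sorted({e["flags"] for e in es}),
                  "span_s": int((es[-1]["when"] - es[0]["when"]).total_seconds())}
            for src, es in by_src.items()}

if __name__ == "__main__":
    for src, s in summarize(parse(SAMPLE)).items():
        print(src, s)
```

A log of dropped SYN packets records connection attempts only: no handshake completed and no payload was exchanged, so the log by itself cannot show which service or exploit the senders expected on the port.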