Re: Port 3335

From: Robin Lynn Frank (rlfrank@paradigm-omega.com)
Date: 03/11/03

    To: Harlan Carvey <keydet89@yahoo.com>, incidents@securityfocus.com
    Date: Mon, 10 Mar 2003 19:09:44 -0700
    From: Robin Lynn Frank <rlfrank@paradigm-omega.com>
    
    

    On Monday 10 March 2003 11:29 am, Harlan Carvey wrote:
    > Robin,
    >
    > Did you do any research, or happen to set up a
    > listener/proxy to capture any data?
    >
    > Is this TCP or UDP? Was it dropped at your f/w?
    >
    > How many of your systems were targeted? Any in
    > particular, or a wide range of systems?
    >
    This occurred at only one of our servers, which being in a remote location,
    only has internet access via dialup without a static IP, so the chance that
    our server was actually targeted appears small.

    None of the servers at our other locations showed any traffic on this port.
    Our firewall dropped all of it.

    The fact that there appear to be a number of originating IPs has me curious.

    # grep -i '3335' /home/omega13/tmp/syslog.1
    Mar 4 19:36:01 omega kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC=
    SRC=12.230.43.196 DST=162.42.19.68 LEN=48 TOS=0x00 PREC=0x00 TTL=107 ID=49415
    DF PROTO=TCP SPT=1386 DPT=3335 WINDOW=64240 RES=0x00 SYN URGP=0
    Mar 4 19:36:01 omega kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC=
    SRC=12.230.43.196 DST=162.42.19.68 LEN=1341 TOS=0x00 PREC=0x00 TTL=107
    ID=49414 PROTO=UDP SPT=1564 DPT=3335 LEN=1321
    Mar 4 19:36:04 omega kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC=
    SRC=12.230.43.196 DST=162.42.19.68 LEN=48 TOS=0x00 PREC=0x00 TTL=107 ID=49432
    DF PROTO=TCP SPT=1386 DPT=3335 WINDOW=64240 RES=0x00 SYN URGP=0
    Mar 4 19:36:04 omega kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC=
    SRC=12.230.43.196 DST=162.42.19.68 LEN=1341 TOS=0x00 PREC=0x00 TTL=107
    ID=49433 PROTO=UDP SPT=1564 DPT=3335 LEN=1321
    Mar 4 19:36:07 omega kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC=
    SRC=12.230.43.196 DST=162.42.19.68 LEN=1341 TOS=0x00 PREC=0x00 TTL=107
    ID=49436 PROTO=UDP SPT=1564 DPT=3335 LEN=1321
    Mar 4 19:36:11 omega kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC=
    SRC=12.230.43.196 DST=162.42.19.68 LEN=48 TOS=0x00 PREC=0x00 TTL=107 ID=49439
    DF PROTO=TCP SPT=1386 DPT=3335 WINDOW=64240 RES=0x00 SYN URGP=0
    Mar 4 19:37:07 omega kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC=
    SRC=66.82.112.1 DST=162.42.19.68 LEN=52 TOS=0x00 PREC=0x00 TTL=45 ID=58252
    PROTO=TCP SPT=63977 DPT=3335 WINDOW=3392 RES=0x00 SYN URGP=0
    Mar 4 19:37:11 omega kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC=
    SRC=66.82.112.1 DST=162.42.19.68 LEN=52 TOS=0x00 PREC=0x00 TTL=45 ID=2189
    PROTO=TCP SPT=63977 DPT=3335 WINDOW=3392 RES=0x00 SYN URGP=0
    Mar 4 19:37:16 omega kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC=
    SRC=66.82.112.1 DST=162.42.19.68 LEN=52 TOS=0x00 PREC=0x00 TTL=45 ID=11405
    PROTO=TCP SPT=63977 DPT=3335 WINDOW=3392 RES=0x00 SYN URGP=0
    Mar 4 19:37:29 omega kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC=
    SRC=66.82.112.1 DST=162.42.19.68 LEN=52 TOS=0x00 PREC=0x00 TTL=45 ID=29069
    PROTO=TCP SPT=63977 DPT=3335 WINDOW=3392 RES=0x00 SYN URGP=0
    Mar 4 19:40:28 omega kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC=
    SRC=66.82.112.1 DST=162.42.19.68 LEN=52 TOS=0x00 PREC=0x00 TTL=45 ID=21650
    PROTO=TCP SPT=14903 DPT=3335 WINDOW=3392 RES=0x00 SYN URGP=0
    Mar 4 19:40:30 omega kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC=
    SRC=66.82.112.1 DST=162.42.19.68 LEN=52 TOS=0x00 PREC=0x00 TTL=45 ID=22930
    PROTO=TCP SPT=14903 DPT=3335 WINDOW=3392 RES=0x00 SYN URGP=0
    Mar 4 19:40:36 omega kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC=
    SRC=213.189.87.69 DST=162.42.19.68 LEN=48 TOS=0x00 PREC=0x00 TTL=110 ID=51321
    DF PROTO=TCP SPT=4400 DPT=3335 WINDOW=16384 RES=0x00 SYN URGP=0
    Mar 4 19:40:37 omega kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC=
    SRC=66.82.112.1 DST=162.42.19.68 LEN=52 TOS=0x00 PREC=0x00 TTL=45 ID=32146
    PROTO=TCP SPT=14903 DPT=3335 WINDOW=3392 RES=0x00 SYN URGP=0
    Mar 4 19:40:38 omega kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC=
    SRC=213.189.87.69 DST=162.42.19.68 LEN=48 TOS=0x00 PREC=0x00 TTL=110 ID=51417
    DF PROTO=TCP SPT=4400 DPT=3335 WINDOW=16384 RES=0x00 SYN URGP=18149
    Mar 4 19:40:45 omega kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC=
    SRC=213.189.87.69 DST=162.42.19.68 LEN=48 TOS=0x00 PREC=0x00 TTL=110 ID=51596
    DF PROTO=TCP SPT=4400 DPT=3335 WINDOW=16384 RES=0x00 SYN URGP=0
    Mar 4 19:40:48 omega kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC=
    SRC=66.82.112.1 DST=162.42.19.68 LEN=52 TOS=0x00 PREC=0x00 TTL=45 ID=56978
    PROTO=TCP SPT=14903 DPT=3335 WINDOW=3392 RES=0x00 SYN URGP=0
    Mar 4 19:44:09 omega kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC=
    SRC=213.189.87.69 DST=162.42.19.68 LEN=48 TOS=0x00 PREC=0x00 TTL=110 ID=56674
    DF PROTO=TCP SPT=4492 DPT=3335 WINDOW=16384 RES=0x00 SYN URGP=35637
    Mar 4 19:44:12 omega kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC=
    SRC=213.189.87.69 DST=162.42.19.68 LEN=48 TOS=0x00 PREC=0x00 TTL=110 ID=56748
    DF PROTO=TCP SPT=4492 DPT=3335 WINDOW=16384 RES=0x00 SYN URGP=54478
    Mar 4 19:51:02 omega kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC=
    SRC=172.145.72.85 DST=162.42.19.68 LEN=1341 TOS=0x00 PREC=0x00 TTL=111
    ID=60682 PROTO=UDP SPT=3195 DPT=3335 LEN=1321
    Mar 4 19:51:02 omega kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC=
    SRC=172.145.72.85 DST=162.42.19.68 LEN=48 TOS=0x00 PREC=0x00 TTL=111 ID=60683
    DF PROTO=TCP SPT=2737 DPT=3335 WINDOW=16384 RES=0x00 SYN URGP=0
    Mar 4 19:51:05 omega kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC=
    SRC=172.145.72.85 DST=162.42.19.68 LEN=48 TOS=0x00 PREC=0x00 TTL=111 ID=60685
    DF PROTO=TCP SPT=2737 DPT=3335 WINDOW=16384 RES=0x00 SYN URGP=0
    Mar 4 19:51:06 omega kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC=
    SRC=172.145.72.85 DST=162.42.19.68 LEN=1341 TOS=0x00 PREC=0x00 TTL=111
    ID=60686 PROTO=UDP SPT=3195 DPT=3335 LEN=1321
    Mar 4 19:51:09 omega kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC=
    SRC=172.145.72.85 DST=162.42.19.68 LEN=1341 TOS=0x00 PREC=0x00 TTL=111
    ID=60687 PROTO=UDP SPT=3195 DPT=3335 LEN=1321
    Mar 4 19:51:11 omega kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC=
    SRC=172.145.72.85 DST=162.42.19.68 LEN=48 TOS=0x00 PREC=0x00 TTL=111 ID=60698
    DF PROTO=TCP SPT=2737 DPT=3335 WINDOW=16384 RES=0x00 SYN URGP=0
    Mar 4 19:55:48 omega kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC=
    SRC=12.216.199.9 DST=162.42.19.68 LEN=48 TOS=0x00 PREC=0x00 TTL=108 ID=274 DF
    PROTO=TCP SPT=3571 DPT=3335 WINDOW=64240 RES=0x00 SYN URGP=0
    Mar 4 19:55:50 omega kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC=
    SRC=12.216.199.9 DST=162.42.19.68 LEN=48 TOS=0x00 PREC=0x00 TTL=108 ID=308 DF
    PROTO=TCP SPT=3571 DPT=3335 WINDOW=64240 RES=0x00 SYN URGP=0
    Mar 4 19:55:57 omega kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC=
    SRC=12.216.199.9 DST=162.42.19.68 LEN=48 TOS=0x00 PREC=0x00 TTL=108 ID=426 DF
    PROTO=TCP SPT=3571 DPT=3335 WINDOW=64240 RES=0x00 SYN URGP=0
    Mar 4 19:57:28 omega kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC=
    SRC=199.44.175.42 DST=162.42.19.68 LEN=48 TOS=0x00 PREC=0x00 TTL=103 ID=27048
    DF PROTO=TCP SPT=64582 DPT=3335 WINDOW=64240 RES=0x00 SYN URGP=0
    Mar 4 20:03:31 omega kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC=
    SRC=12.226.32.53 DST=162.42.19.68 LEN=48 TOS=0x00 PREC=0x00 TTL=108 ID=21135
    DF PROTO=TCP SPT=3466 DPT=3335 WINDOW=16384 RES=0x00 SYN URGP=0
    Mar 4 20:03:34 omega kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC=
    SRC=12.226.32.53 DST=162.42.19.68 LEN=48 TOS=0x00 PREC=0x00 TTL=108 ID=21145
    DF PROTO=TCP SPT=3466 DPT=3335 WINDOW=16384 RES=0x00 SYN URGP=0
    Mar 4 20:03:40 omega kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC=
    SRC=12.226.32.53 DST=162.42.19.68 LEN=48 TOS=0x00 PREC=0x00 TTL=108 ID=21154
    DF PROTO=TCP SPT=3466 DPT=3335 WINDOW=16384 RES=0x00 SYN URGP=0
    Mar 4 20:03:51 omega kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC=
    SRC=170.215.15.177 DST=162.42.19.68 LEN=48 TOS=0x00 PREC=0x00 TTL=113
    ID=44550 DF PROTO=TCP SPT=61283 DPT=3335 WINDOW=64240 RES=0x00 SYN URGP=0
    Mar 4 20:03:54 omega kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC=
    SRC=170.215.15.177 DST=162.42.19.68 LEN=48 TOS=0x00 PREC=0x00 TTL=113
    ID=44587 DF PROTO=TCP SPT=61283 DPT=3335 WINDOW=64240 RES=0x00 SYN URGP=0
    Mar 4 20:04:00 omega kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC=
    SRC=170.215.15.177 DST=162.42.19.68 LEN=48 TOS=0x00 PREC=0x00 TTL=113
    ID=44689 DF PROTO=TCP SPT=61283 DPT=3335 WINDOW=64240 RES=0x00 SYN URGP=0
    Mar 4 20:05:34 omega kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC=
    SRC=12.212.16.64 DST=162.42.19.68 LEN=48 TOS=0x00 PREC=0x00 TTL=107 ID=65271
    DF PROTO=TCP SPT=4649 DPT=3335 WINDOW=64240 RES=0x00 SYN URGP=0
    Mar 4 20:05:34 omega kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC=
    SRC=12.230.63.77 DST=162.42.19.68 LEN=48 TOS=0x00 PREC=0x00 TTL=106 ID=47821
    DF PROTO=TCP SPT=3042 DPT=3335 WINDOW=64240 RES=0x00 SYN URGP=0
    Mar 4 20:05:37 omega kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC=
    SRC=12.212.16.64 DST=162.42.19.68 LEN=48 TOS=0x00 PREC=0x00 TTL=108 ID=65274
    DF PROTO=TCP SPT=4649 DPT=3335 WINDOW=64240 RES=0x00 SYN URGP=0
    Mar 4 20:05:38 omega kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC=
    SRC=12.230.63.77 DST=162.42.19.68 LEN=48 TOS=0x00 PREC=0x00 TTL=106 ID=47943
    DF PROTO=TCP SPT=3042 DPT=3335 WINDOW=64240 RES=0x00 SYN URGP=0
    Mar 4 20:05:43 omega kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC=
    SRC=12.212.16.64 DST=162.42.19.68 LEN=48 TOS=0x00 PREC=0x00 TTL=108 ID=65278
    DF PROTO=TCP SPT=4649 DPT=3335 WINDOW=64240 RES=0x00 SYN URGP=0
    Mar 4 20:05:43 omega kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC=
    SRC=12.230.63.77 DST=162.42.19.68 LEN=48 TOS=0x00 PREC=0x00 TTL=106 ID=48090
    DF PROTO=TCP SPT=3042 DPT=3335 WINDOW=64240 RES=0x00 SYN URGP=0
    Mar 4 20:05:56 omega kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC=
    SRC=66.161.179.70 DST=162.42.19.68 LEN=48 TOS=0x00 PREC=0x00 TTL=110 ID=13979
    DF PROTO=TCP SPT=3938 DPT=3335 WINDOW=64240 RES=0x00 SYN URGP=0
    Mar 4 20:05:59 omega kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC=
    SRC=66.161.179.70 DST=162.42.19.68 LEN=48 TOS=0x00 PREC=0x00 TTL=110 ID=13982
    DF PROTO=TCP SPT=3938 DPT=3335 WINDOW=64240 RES=0x00 SYN URGP=0
    Mar 4 20:06:04 omega kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC=
    SRC=80.62.253.203 DST=162.42.19.68 LEN=48 TOS=0x00 PREC=0x00 TTL=111 ID=17922
    DF PROTO=TCP SPT=1106 DPT=3335 WINDOW=8192 RES=0x00 SYN URGP=0
    Mar 4 20:06:05 omega kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC=
    SRC=66.161.179.70 DST=162.42.19.68 LEN=48 TOS=0x00 PREC=0x00 TTL=110 ID=13993
    DF PROTO=TCP SPT=3938 DPT=3335 WINDOW=64240 RES=0x00 SYN URGP=0
    Mar 4 20:06:07 omega kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC=
    SRC=80.62.253.203 DST=162.42.19.68 LEN=48 TOS=0x00 PREC=0x00 TTL=111 ID=18946
    DF PROTO=TCP SPT=1106 DPT=3335 WINDOW=8192 RES=0x00 SYN URGP=0
    Mar 4 20:06:07 omega kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC=
    SRC=80.62.253.203 DST=162.42.19.68 LEN=1341 TOS=0x00 PREC=0x00 TTL=111
    ID=19202 PROTO=UDP SPT=3224 DPT=3335 LEN=1321
    Mar 4 20:06:10 omega kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC=
    SRC=80.62.253.203 DST=162.42.19.68 LEN=1341 TOS=0x00 PREC=0x00 TTL=111
    ID=45570 PROTO=UDP SPT=3224 DPT=3335 LEN=1321
    Mar 4 20:06:13 omega kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC=
    SRC=80.62.253.203 DST=162.42.19.68 LEN=48 TOS=0x00 PREC=0x00 TTL=111 ID=61186
    DF PROTO=TCP SPT=1106 DPT=3335 WINDOW=8192 RES=0x00 SYN URGP=0
    Mar 4 20:06:25 omega kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC=
    SRC=80.62.253.203 DST=162.42.19.68 LEN=48 TOS=0x00 PREC=0x00 TTL=111 ID=30467
    DF PROTO=TCP SPT=1106 DPT=3335 WINDOW=8192 RES=0x00 SYN URGP=0
    Mar 4 20:06:41 omega kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC=
    SRC=12.226.32.53 DST=162.42.19.68 LEN=48 TOS=0x00 PREC=0x00 TTL=108 ID=23122
    DF PROTO=TCP SPT=3481 DPT=3335 WINDOW=16384 RES=0x00 SYN URGP=23721
    Mar 4 20:06:43 omega kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC=
    SRC=12.226.32.53 DST=162.42.19.68 LEN=48 TOS=0x00 PREC=0x00 TTL=108 ID=23192
    DF PROTO=TCP SPT=3481 DPT=3335 WINDOW=16384 RES=0x00 SYN URGP=12468
    Mar 4 20:06:49 omega kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC=
    SRC=12.226.32.53 DST=162.42.19.68 LEN=48 TOS=0x00 PREC=0x00 TTL=108 ID=23202
    DF PROTO=TCP SPT=3481 DPT=3335 WINDOW=16384 RES=0x00 SYN URGP=12468
    Mar 4 20:07:00 omega kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC=
    SRC=24.217.56.145 DST=162.42.19.68 LEN=48 TOS=0x00 PREC=0x00 TTL=106 ID=42443
    DF PROTO=TCP SPT=3082 DPT=3335 WINDOW=16384 RES=0x00 SYN URGP=0
    Mar 4 20:07:03 omega kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC=
    SRC=24.217.56.145 DST=162.42.19.68 LEN=48 TOS=0x00 PREC=0x00 TTL=106 ID=42450
    DF PROTO=TCP SPT=3082 DPT=3335 WINDOW=16384 RES=0x00 SYN URGP=0
    Mar 4 20:07:09 omega kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC=
    SRC=24.217.56.145 DST=162.42.19.68 LEN=48 TOS=0x00 PREC=0x00 TTL=106 ID=42454
    DF PROTO=TCP SPT=3082 DPT=3335 WINDOW=16384 RES=0x00 SYN URGP=0
    Mar 4 20:07:25 omega kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC=
    SRC=12.252.200.144 DST=162.42.19.68 LEN=48 TOS=0x00 PREC=0x00 TTL=104
    ID=31042 DF PROTO=TCP SPT=2097 DPT=3335 WINDOW=16384 RES=0x00 SYN URGP=0
    Mar 4 20:07:34 omega kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC=
    SRC=12.252.200.144 DST=162.42.19.68 LEN=48 TOS=0x00 PREC=0x00 TTL=104
    ID=31045 DF PROTO=TCP SPT=2097 DPT=3335 WINDOW=16384 RES=0x00 SYN URGP=0
    Mar 4 20:07:49 omega kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC=
    SRC=128.211.144.175 DST=162.42.19.68 LEN=48 TOS=0x00 PREC=0x00 TTL=109
    ID=64850 DF PROTO=TCP SPT=3560 DPT=3335 WINDOW=16384 RES=0x00 SYN URGP=0
    Mar 4 20:07:53 omega kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC=
    SRC=128.211.144.175 DST=162.42.19.68 LEN=48 TOS=0x00 PREC=0x00 TTL=109
    ID=64852 DF PROTO=TCP SPT=3560 DPT=3335 WINDOW=16384 RES=0x00 SYN URGP=0
    Mar 4 20:07:59 omega kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC=
    SRC=128.211.144.175 DST=162.42.19.68 LEN=48 TOS=0x00 PREC=0x00 TTL=109
    ID=64854 DF PROTO=TCP SPT=3560 DPT=3335 WINDOW=16384 RES=0x00 SYN URGP=0
    Mar 4 20:08:11 omega kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC=
    SRC=216.93.198.54 DST=162.42.19.68 LEN=48 TOS=0x00 PREC=0x00 TTL=111 ID=60923
    DF PROTO=TCP SPT=22990 DPT=3335 WINDOW=16384 RES=0x00 SYN URGP=0
    Mar 4 20:08:14 omega kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC=
    SRC=216.93.198.54 DST=162.42.19.68 LEN=48 TOS=0x00 PREC=0x00 TTL=111 ID=60925
    DF PROTO=TCP SPT=22990 DPT=3335 WINDOW=16384 RES=0x00 SYN URGP=0
    Mar 4 20:08:20 omega kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC=
    SRC=216.93.198.54 DST=162.42.19.68 LEN=48 TOS=0x00 PREC=0x00 TTL=111 ID=60926
    DF PROTO=TCP SPT=22990 DPT=3335 WINDOW=16384 RES=0x00 SYN URGP=0
    Mar 4 20:08:51 omega kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC=
    SRC=170.215.15.177 DST=162.42.19.68 LEN=48 TOS=0x00 PREC=0x00 TTL=113
    ID=47864 DF PROTO=TCP SPT=61309 DPT=3335 WINDOW=64240 RES=0x00 SYN URGP=0
    Mar 4 20:08:54 omega kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC=
    SRC=170.215.15.177 DST=162.42.19.68 LEN=48 TOS=0x00 PREC=0x00 TTL=113
    ID=47868 DF PROTO=TCP SPT=61309 DPT=3335 WINDOW=64240 RES=0x00 SYN URGP=0
    Mar 4 20:09:00 omega kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC=
    SRC=170.215.15.177 DST=162.42.19.68 LEN=48 TOS=0x00 PREC=0x00 TTL=113
    ID=47876 DF PROTO=TCP SPT=61309 DPT=3335 WINDOW=64240 RES=0x00 SYN URGP=0
    Mar 4 20:12:29 omega kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC=
    SRC=66.82.112.1 DST=162.42.19.68 LEN=52 TOS=0x00 PREC=0x00 TTL=48 ID=13731
    PROTO=TCP SPT=42182 DPT=3335 WINDOW=3392 RES=0x00 SYN URGP=0
    Mar 4 20:12:32 omega kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC=
    SRC=66.82.112.1 DST=162.42.19.68 LEN=52 TOS=0x00 PREC=0x00 TTL=48 ID=14499
    PROTO=TCP SPT=42182 DPT=3335 WINDOW=3392 RES=0x00 SYN URGP=0
    Mar 4 20:12:38 omega kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC=
    SRC=66.82.112.1 DST=162.42.19.68 LEN=52 TOS=0x00 PREC=0x00 TTL=48 ID=17059
    PROTO=TCP SPT=42182 DPT=3335 WINDOW=3392 RES=0x00 SYN URGP=0
    Mar 4 20:12:47 omega kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC=
    SRC=66.82.112.1 DST=162.42.19.68 LEN=52 TOS=0x00 PREC=0x00 TTL=48 ID=20643
    PROTO=TCP SPT=43635 DPT=3335 WINDOW=3392 RES=0x00 SYN URGP=0
    Mar 4 20:12:49 omega kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC=
    SRC=66.82.112.1 DST=162.42.19.68 LEN=52 TOS=0x00 PREC=0x00 TTL=48 ID=21667
    PROTO=TCP SPT=42182 DPT=3335 WINDOW=3392 RES=0x00 SYN URGP=0
    Mar 4 20:12:50 omega kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC=
    SRC=66.82.112.1 DST=162.42.19.68 LEN=52 TOS=0x00 PREC=0x00 TTL=48 ID=21923
    PROTO=TCP SPT=43635 DPT=3335 WINDOW=3392 RES=0x00 SYN URGP=0
    Mar 4 20:12:57 omega kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC=
    SRC=66.82.112.1 DST=162.42.19.68 LEN=52 TOS=0x00 PREC=0x00 TTL=48 ID=22691
    PROTO=TCP SPT=43635 DPT=3335 WINDOW=3392 RES=0x00 SYN URGP=0
    Mar 4 20:13:08 omega kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC=
    SRC=66.82.112.1 DST=162.42.19.68 LEN=52 TOS=0x00 PREC=0x00 TTL=48 ID=27043
    PROTO=TCP SPT=43635 DPT=3335 WINDOW=3392 RES=0x00 SYN URGP=0
    Mar 4 20:13:28 omega kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC=
    SRC=66.82.112.1 DST=162.42.19.68 LEN=52 TOS=0x00 PREC=0x00 TTL=48 ID=34211
    PROTO=TCP SPT=46639 DPT=3335 WINDOW=3392 RES=0x00 SYN URGP=0
    Mar 4 20:13:31 omega kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC=
    SRC=66.82.112.1 DST=162.42.19.68 LEN=52 TOS=0x00 PREC=0x00 TTL=48 ID=35747
    PROTO=TCP SPT=46639 DPT=3335 WINDOW=3392 RES=0x00 SYN URGP=0
    Mar 4 20:13:37 omega kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC=
    SRC=66.82.112.1 DST=162.42.19.68 LEN=52 TOS=0x00 PREC=0x00 TTL=48 ID=39075
    PROTO=TCP SPT=46639 DPT=3335 WINDOW=3392 RES=0x00 SYN URGP=0
    Mar 4 20:13:48 omega kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC=
    SRC=66.82.112.1 DST=162.42.19.68 LEN=52 TOS=0x00 PREC=0x00 TTL=48 ID=44963
    PROTO=TCP SPT=46639 DPT=3335 WINDOW=3392 RES=0x00 SYN URGP=0
    Mar 4 20:14:27 omega kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC=
    SRC=66.82.112.1 DST=162.42.19.68 LEN=52 TOS=0x00 PREC=0x00 TTL=48 ID=6820
    PROTO=TCP SPT=51156 DPT=3335 WINDOW=3392 RES=0x00 SYN URGP=0
    Mar 4 20:14:32 omega kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC=
    SRC=66.82.112.1 DST=162.42.19.68 LEN=52 TOS=0x00 PREC=0x00 TTL=48 ID=12196
    PROTO=TCP SPT=51156 DPT=3335 WINDOW=3392 RES=0x00 SYN URGP=0
    Mar 4 20:14:44 omega kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC=
    SRC=66.82.112.1 DST=162.42.19.68 LEN=52 TOS=0x00 PREC=0x00 TTL=48 ID=18084
    PROTO=TCP SPT=51156 DPT=3335 WINDOW=3392 RES=0x00 SYN URGP=0
    Mar 4 20:21:08 omega kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC=
    SRC=163.179.182.128 DST=162.42.19.68 LEN=48 TOS=0x00 PREC=0x00 TTL=109
    ID=26413 DF PROTO=TCP SPT=1882 DPT=3335 WINDOW=8760 RES=0x00 SYN URGP=0
    Mar 4 20:21:11 omega kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC=
    SRC=163.179.182.128 DST=162.42.19.68 LEN=48 TOS=0x00 PREC=0x00 TTL=109
    ID=26429 DF PROTO=TCP SPT=1882 DPT=3335 WINDOW=8760 RES=0x00 SYN URGP=0
    Mar 4 20:21:12 omega kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC=
    SRC=163.179.182.128 DST=162.42.19.68 LEN=1341 TOS=0x00 PREC=0x00 TTL=109
    ID=26431 PROTO=UDP SPT=3024 DPT=3335 LEN=1321
    Mar 4 20:21:15 omega kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC=
    SRC=163.179.182.128 DST=162.42.19.68 LEN=1341 TOS=0x00 PREC=0x00 TTL=109
    ID=26448 PROTO=UDP SPT=3024 DPT=3335 LEN=1321
    Mar 4 20:21:17 omega kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC=
    SRC=163.179.182.128 DST=162.42.19.68 LEN=48 TOS=0x00 PREC=0x00 TTL=109
    ID=26466 DF PROTO=TCP SPT=1882 DPT=3335 WINDOW=8760 RES=0x00 SYN URGP=0
    Mar 4 20:26:13 omega kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC=
    SRC=66.82.112.1 DST=162.42.19.68 LEN=52 TOS=0x00 PREC=0x00 TTL=48 ID=28843
    PROTO=TCP SPT=40909 DPT=3335 WINDOW=3392 RES=0x00 SYN URGP=0
    Mar 4 20:26:16 omega kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC=
    SRC=66.82.112.1 DST=162.42.19.68 LEN=52 TOS=0x00 PREC=0x00 TTL=48 ID=31147
    PROTO=TCP SPT=40909 DPT=3335 WINDOW=3392 RES=0x00 SYN URGP=0
    Mar 4 20:26:22 omega kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC=
    SRC=66.82.112.1 DST=162.42.19.68 LEN=52 TOS=0x00 PREC=0x00 TTL=48 ID=33963
    PROTO=TCP SPT=40909 DPT=3335 WINDOW=3392 RES=0x00 SYN URGP=0
    Mar 4 20:26:34 omega kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC=
    SRC=66.82.112.1 DST=162.42.19.68 LEN=52 TOS=0x00 PREC=0x00 TTL=48 ID=41643
    PROTO=TCP SPT=40909 DPT=3335 WINDOW=3392 RES=0x00 SYN URGP=0
    Mar 4 20:27:27 omega kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC=
    SRC=66.82.112.1 DST=162.42.19.68 LEN=52 TOS=0x00 PREC=0x00 TTL=48 ID=19372
    PROTO=TCP SPT=46462 DPT=3335 WINDOW=3392 RES=0x00 SYN URGP=0
    Mar 4 20:27:30 omega kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC=
    SRC=66.82.112.1 DST=162.42.19.68 LEN=52 TOS=0x00 PREC=0x00 TTL=48 ID=20652
    PROTO=TCP SPT=46462 DPT=3335 WINDOW=3392 RES=0x00 SYN URGP=0
    Mar 4 20:27:45 omega kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC=
    SRC=66.82.112.1 DST=162.42.19.68 LEN=52 TOS=0x00 PREC=0x00 TTL=48 ID=28076
    PROTO=TCP SPT=47757 DPT=3335 WINDOW=3392 RES=0x00 SYN URGP=0
    Mar 4 20:27:48 omega kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC=
    SRC=66.82.112.1 DST=162.42.19.68 LEN=52 TOS=0x00 PREC=0x00 TTL=48 ID=28844
    PROTO=TCP SPT=47757 DPT=3335 WINDOW=3392 RES=0x00 SYN URGP=0
    Mar 4 20:27:48 omega kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC=
    SRC=66.82.112.1 DST=162.42.19.68 LEN=52 TOS=0x00 PREC=0x00 TTL=48 ID=28588
    PROTO=TCP SPT=46462 DPT=3335 WINDOW=3392 RES=0x00 SYN URGP=0
    Mar 4 20:27:54 omega kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC=
    SRC=66.82.112.1 DST=162.42.19.68 LEN=52 TOS=0x00 PREC=0x00 TTL=48 ID=31148
    PROTO=TCP SPT=47757 DPT=3335 WINDOW=3392 RES=0x00 SYN URGP=0
    Mar 4 20:28:06 omega kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC=
    SRC=66.82.112.1 DST=162.42.19.68 LEN=52 TOS=0x00 PREC=0x00 TTL=48 ID=34220
    PROTO=TCP SPT=47757 DPT=3335 WINDOW=3392 RES=0x00 SYN URGP=0
    Mar 4 20:29:07 omega kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC=
    SRC=66.82.112.1 DST=162.42.19.68 LEN=52 TOS=0x00 PREC=0x00 TTL=48 ID=65452
    PROTO=TCP SPT=54577 DPT=3335 WINDOW=3392 RES=0x00 SYN URGP=0
    Mar 4 20:29:25 omega kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC=
    SRC=66.82.112.1 DST=162.42.19.68 LEN=52 TOS=0x00 PREC=0x00 TTL=48 ID=2989
    PROTO=TCP SPT=54577 DPT=3335 WINDOW=3392 RES=0x00 SYN URGP=0

    -- 
    Sed quis custodiet ipsos custodes?
    ==========================================================================
    Robin Lynn Frank - Director of Operations - Paradigm-Omega, LLC
    Copyright and PGP/GPG info in mail or message headers.
    Email acceptance policy at http://paradigm-omega.com/email_policy.html
    ==========================================================================
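
One way to quantify the "number of originating IPs" in a log like the one in the message above, as an added example that is not part of the original post: it rejoins mail-wrapped netfilter records, then groups drops to one destination port by source, separating distinct connection attempts from resends of the same flow. The sample log, its host name and addresses are constructed, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in the Shorewall/netfilter LOG format shown in the post,
# wrapped over three lines per packet as in the mail. Documentation addresses.
SAMPLE = """\
Mar 4 19:36:01 fw kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC=
SRC=192.0.2.10 DST=203.0.113.5 LEN=48 TOS=0x00 PREC=0x00 TTL=107 ID=49415
DF PROTO=TCP SPT=1386 DPT=3335 WINDOW=64240 RES=0x00 SYN URGP=0
Mar 4 19:36:01 fw kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC=
SRC=192.0.2.10 DST=203.0.113.5 LEN=1341 TOS=0x00 PREC=0x00 TTL=107
ID=49414 PROTO=UDP SPT=1564 DPT=3335 LEN=1321
Mar 4 19:36:04 fw kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC=
SRC=192.0.2.10 DST=203.0.113.5 LEN=48 TOS=0x00 PREC=0x00 TTL=107 ID=49432
DF PROTO=TCP SPT=1386 DPT=3335 WINDOW=64240 RES=0x00 SYN URGP=0
Mar 4 19:36:04 fw kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC=
SRC=192.0.2.10 DST=203.0.113.5 LEN=1341 TOS=0x00 PREC=0x00 TTL=107
ID=49433 PROTO=UDP SPT=1564 DPT=3335 LEN=1321
Mar 4 19:37:07 fw kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC=
SRC=198.51.100.7 DST=203.0.113.5 LEN=52 TOS=0x00 PREC=0x00 TTL=45 ID=58252
PROTO=TCP SPT=63977 DPT=3335 WINDOW=3392 RES=0x00 SYN URGP=0
Mar 4 19:37:11 fw kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC=
SRC=198.51.100.7 DST=203.0.113.5 LEN=52 TOS=0x00 PREC=0x00 TTL=45 ID=2189
PROTO=TCP SPT=63977 DPT=3335 WINDOW=3392 RES=0x00 SYN URGP=0
Mar 4 19:40:28 fw kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC=
SRC=198.51.100.7 DST=203.0.113.5 LEN=52 TOS=0x00 PREC=0x00 TTL=45 ID=21650
PROTO=TCP SPT=14903 DPT=3335 WINDOW=3392 RES=0x00 SYN URGP=0
Mar 4 19:41:00 fw kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC=
SRC=198.51.100.99 DST=203.0.113.5 LEN=48 TOS=0x00 PREC=0x00 TTL=110 ID=100
DF PROTO=TCP SPT=4400 DPT=445 WINDOW=16384 RES=0x00 SYN URGP=0
"""

RECORD_START = re.compile(r"^[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2} \S+ kernel:")
FIELD = re.compile(r"\b([A-Z]+)=(\S*)")

def join_wrapped(text):
    """Rejoin records wrapped over several lines; a syslog timestamp starts a record."""
    records, current = [], None
    for line in map(str.strip, text.splitlines()):
        if RECORD_START.match(line):
            if current:
                records.append(" ".join(current))
            current = [line]
        elif current and line:
            current.append(line)  # continuation of the record in progress
    if current:
        records.append(" ".join(current))
    return records

def parse_record(record):
    """Return the KEY=value fields of one record as a dict."""
    fields = {}
    for key, value in FIELD.findall(record):
        fields.setdefault(key, value)  # keep the first LEN (IP length); UDP logs a second
    return fields

def summarize(text, dport):
    """Per source: packets seen, distinct (proto, source port) attempts, repeats."""
    seen = defaultdict(list)
    for fields in map(parse_record, join_wrapped(text)):
        if fields.get("DPT") == str(dport) and "SPT" in fields:
            seen[fields["SRC"]].append((fields["PROTO"], fields["SPT"]))
    summary = {}
    for src, flows in seen.items():
        attempts = set(flows)
        summary[src] = {
            "packets": len(flows),
            "attempts": len(attempts),
            "repeats": len(flows) - len(attempts),  # resends of the same flow
            "protos": sorted({proto for proto, _ in attempts}),
        }
    return summary

def multi_protocol_sources(summary):
    """Sources that tried the port over more than one protocol."""
    return sorted(src for src, s in summary.items() if len(s["protos"]) > 1)

if __name__ == "__main__":
    for src, stats in sorted(summarize(SAMPLE, 3335).items()):
        print(src, stats)
```

Repeated SYNs from the same source port are resends of one unanswered connection attempt, so the "attempts" figure is a better measure of activity per source than the raw line count.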