Re: ICMP port 2048 scans

From: Logan Rogers-Follis - TNTNetworx.net (logan_at_tntnetworx.net)
Date: 08/26/03

    Date: Tue, 26 Aug 2003 09:43:44 -0600
    To: Valdis.Kletnieks@vt.edu
    
    

    I also might note this is a good reason to have a software-based
    firewall on the boxes even if they sit on an internal network. I know
    that's what protected my business computer when our servers got hit
    recently (hit 3 other workstations that were unpatched and unfirewalled).

    Logan

    Valdis.Kletnieks@vt.edu wrote:

    >On Fri, 22 Aug 2003 21:50:53 -0000, Ryan McConky <rmcconky@webmd.net> said:
    >
    >
    >>In-Reply-To: <Law15-F50f3sllNY30k0001b928@hotmail.com>
    >>
    >>We are seeing the same thing on our routers. What is troubling me is that
    >>it is incrementing the dest ip by one each second. Like it is scanning.
    >>It is scanning internal and external networks. Most traced to Asian
    >>countries. Anyone else seeing this?
    >>
    >>
    >
    >Hmm.. you *just* noticed the Nachi worm ping-scanning your net, huh? ;)
    >
    >Wait a bit, you'll see it from all over. If you had any unpatched Windows boxes
    >on your net, you'll be seeing it from inside your net too.. ;)
    >
    >
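
As an added example (not part of the original thread): a small detector for the pattern described above, ICMP echo requests from one source whose destination address rises by one per packet. The record layout, sample flows and thresholds are constructed, and it assumes the flow export packs ICMP type and code into the destination-port field as type*256+code, which is how an echo request (type 8, code 0) appears as "port 2048".

```python
import ipaddress
from collections import defaultdict

ICMP_PROTO = 1  # IP protocol number for ICMP

def decode_icmp(dst_port):
    """Unpack the flow record's 'port' into (ICMP type, ICMP code) (assumed packing)."""
    return dst_port >> 8, dst_port & 0xFF

def find_sequential_sweeps(flows, min_run=5, max_gap=2):
    """Return (src, first_dst, last_dst, count) for each run of echo requests
    from one source whose destination rises by exactly one per packet."""
    by_src = defaultdict(list)
    for ts, src, dst, proto, dport in flows:
        # Only ICMP echo request counts; TCP/UDP to port 2048 is something else.
        if proto == ICMP_PROTO and decode_icmp(dport) == (8, 0):
            by_src[src].append((ts, int(ipaddress.ip_address(dst))))
    sweeps = []
    for src, hits in sorted(by_src.items()):
        hits.sort()  # time order
        start = 0
        for i in range(1, len(hits) + 1):
            contiguous = (i < len(hits)
                          and hits[i][1] == hits[i - 1][1] + 1       # dest IP + 1
                          and hits[i][0] - hits[i - 1][0] <= max_gap)  # close in time
            if not contiguous:
                if i - start >= min_run:
                    first = str(ipaddress.ip_address(hits[start][1]))
                    last = str(ipaddress.ip_address(hits[i - 1][1]))
                    sweeps.append((src, first, last, i - start))
                start = i
    return sweeps

def _seq(src, first_dst, n, proto, port, t0=1000):
    """Constructed helper: n flows, one per second, to consecutive addresses."""
    base = ipaddress.ip_address(first_dst)
    return [(t0 + i, src, str(base + i), proto, port) for i in range(n)]

# Constructed sample flows: (epoch_seconds, src, dst, ip_proto, dst_port)
SAMPLE_FLOWS = (
    _seq("10.1.4.23", "10.1.7.252", 8, 1, 2048)    # sweep crossing an octet boundary
    + [(1000 + i, "10.1.1.5", "10.1.1.1", 1, 2048) for i in range(6)]  # monitor pinging one gateway
    + _seq("10.1.9.9", "10.1.2.10", 6, 6, 2048)    # TCP to port 2048, not ICMP
)

if __name__ == "__main__":
    for sweep in find_sequential_sweeps(SAMPLE_FLOWS):
        print(sweep)
```

A source reported here from inside your own address space is the case the quoted reply points at: an internal host that is itself scanning.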


