Re: Large increase in port 27347
From: Jeff Kell (jeff-kell_at_utc.edu)
Date: 10/30/03
- Previous message: James C. Slora, Jr.: "RE: New Trojan"
- In reply to: kyle.r.maxwell_at_verizon.com: "Re: Large increase in port 27347"
- Next in thread: Jeff Kell: "Re: Large increase in port 27347"
- Reply: Jeff Kell: "Re: Large increase in port 27347"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 30 Oct 2003 16:18:40 -0500 To: kyle.r.maxwell@verizon.com, incidents@securityfocus.com
kyle.r.maxwell@verizon.com wrote:
> As Mark pointed out, this activity is on TCP 27347, not TCP 27374.
> Although I wonder if there's some scanning out there based on a typo in
> the port number?
We received a number of hits today to the same IP from a number of sources:
> Oct 30 09:16:36.395 EST: %SEC-6-IPACCESSLOGP: list ingress denied tcp 207.109.175.94(64462) -> aa.bb.cc.dd(27347), 1 packet
> Oct 30 09:21:06.752 EST: %SEC-6-IPACCESSLOGP: list ingress denied tcp 24.121.8.71(4383) -> aa.bb.cc.dd(27347), 1 packet
> Oct 30 09:40:50.378 EST: %SEC-6-IPACCESSLOGP: list ingress denied tcp 24.229.177.37(4165) -> aa.bb.cc.dd(27347), 1 packet
> Oct 30 10:44:25.997 EST: %SEC-6-IPACCESSLOGP: list ingress denied tcp 24.238.68.114(4131) -> aa.bb.cc.dd(27347), 1 packet
> Oct 30 10:58:41.578 EST: %SEC-6-IPACCESSLOGP: list ingress denied tcp 68.60.47.101(1941) -> aa.bb.cc.dd(27347), 1 packet
> Oct 30 11:33:51.109 EST: %SEC-6-IPACCESSLOGP: list ingress denied tcp 68.79.5.17(3889) -> aa.bb.cc.dd(27347), 1 packet
> Oct 30 11:57:54.483 EST: %SEC-6-IPACCESSLOGP: list ingress denied tcp 68.122.191.11(4771) -> aa.bb.cc.dd(27347), 1 packet
> Oct 30 12:28:41.678 EST: %SEC-6-IPACCESSLOGP: list ingress denied tcp 68.52.149.156(4038) -> aa.bb.cc.dd(27347), 1 packet
> Oct 30 13:05:24.819 EST: %SEC-6-IPACCESSLOGP: list ingress denied tcp 4.41.167.109(1181) -> aa.bb.cc.dd(27347), 1 packet
> Oct 30 15:38:19.290 EST: %SEC-6-IPACCESSLOGP: list ingress denied tcp 68.8.239.92(2163) -> aa.bb.cc.dd(27347), 1 packet
> Oct 30 15:45:50.710 EST: %SEC-6-IPACCESSLOGP: list ingress denied tcp 65.93.88.39(3832) -> aa.bb.cc.dd(27347), 1 packet
---------------------------------------------------------------------------
Network with over 10,000 of the brightest minds in information security
at the largest, most highly-anticipated industry event of the year.
Don't miss RSA Conference 2004! Choose from over 200 class sessions and
see demos from more than 250 industry vendors. If your job touches
security, you need to be here. Learn more or register at
http://www.securityfocus.com/sponsor/RSA_incidents_031023
and use priority code SF4.
----------------------------------------------------------------------------
- Previous message: James C. Slora, Jr.: "RE: New Trojan"
- In reply to: kyle.r.maxwell_at_verizon.com: "Re: Large increase in port 27347"
- Next in thread: Jeff Kell: "Re: Large increase in port 27347"
- Reply: Jeff Kell: "Re: Large increase in port 27347"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
