Scanned on 16 TCP ports, anyone seen this before?
From: Kevin Patz (jambo_cat_at_yahoo.com)
Date: 02/02/04
- Previous message: James C Slora Jr: "RE: Blaster Recurrence"
- Next in thread: Lawrence Baldwin: "RE: Scanned on 16 TCP ports, anyone seen this before?"
- Reply: Lawrence Baldwin: "RE: Scanned on 16 TCP ports, anyone seen this before?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 2 Feb 2004 11:21:04 -0800 (PST) To: incidents@securityfocus.com
I noticed this when I was perusing the packet log on
my Linux box. These scans all occurred at 2/2/04
13:21:10 EST. The source IP was 65.177.48.74, RDNS is
sdn-ap-024txhousP0074.dialsprint.net. Source port is
18765, all TCP SYNs, same TTL. Destination ports, in
order by packet sequence #, are:
24215, 15859, 24759, 80, 2589, 32745, 18754, 14784,
18462, 8080, 26859, 17547, 3128, 1029, 27784, 6588
Of these destination ports, the only "familiar" ones
are 80 (http), 2589 (Dagger), 3129 (Squid), 6588
(AnalogX), 8080 (WebCache), and 1029 (ICQ).
Has anyone else seen scans like this? Any ideas as to
its purpose? I've seen Ring Zero and proxy scans but
this one hit quite a few odd ports. Maybe a spammer
looking for an open proxy?
KJP
=====
I see dumb people...
...they're everywhere...
...they walk around like everyone else...
...they don't even know that they're dumb.
__________________________________
Do you Yahoo!?
Yahoo! SiteBuilder - Free web site building tool. Try it!
http://webhosting.yahoo.com/ps/sb/
---------------------------------------------------------------------------
----------------------------------------------------------------------------
- Previous message: James C Slora Jr: "RE: Blaster Recurrence"
- Next in thread: Lawrence Baldwin: "RE: Scanned on 16 TCP ports, anyone seen this before?"
- Reply: Lawrence Baldwin: "RE: Scanned on 16 TCP ports, anyone seen this before?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
