UDP Port Sweep question
From: Billy Dodson (CraftedPacket_at_securitynerds.org)
Date: 12/28/04
- Previous message: Valdis.Kletnieks_at_vt.edu: "Re: [Full-Disclosure] RE: Worm hitting PHPbb2 Forums"
- Next in thread: Don Parker: "Re: UDP Port Sweep question"
- Maybe reply: Don Parker: "Re: UDP Port Sweep question"
- Reply: Tim: "Re: UDP Port Sweep question"
- Reply: Kyle Maxwell: "Re: UDP Port Sweep question"
- Reply: Ron: "Re: UDP Port Sweep question"
- Maybe reply: Billy Dodson: "RE: UDP Port Sweep question"
- Maybe reply: Colby DeRodeff: "RE: UDP Port Sweep question"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 28 Dec 2004 22:31:14 -0000 (GMT) To: incidents@securityfocus.com
I monitor 3 different sensors which are continuously pounded with network
reconnaissance of all types. These sensors all belong to financial
institutions. One thing that jumped out at me are "UDP Port Sweeps"
events from about 15 different IP addresses which all belong to either IBM
or Sequent (which was bought by IBM). I see these same IP addresses doing
the same thing on all three sensors. I have contacted the clients and
they do not deal with IBM or Sequent in any way. Are there legitimate type
traffic
that would cause these events to fire? It is odd to me that I see them on
all 3 sensors for 3 different companies but all happen to be in the
financial industry. Thanks in advance for your input.
- Previous message: Valdis.Kletnieks_at_vt.edu: "Re: [Full-Disclosure] RE: Worm hitting PHPbb2 Forums"
- Next in thread: Don Parker: "Re: UDP Port Sweep question"
- Maybe reply: Don Parker: "Re: UDP Port Sweep question"
- Reply: Tim: "Re: UDP Port Sweep question"
- Reply: Kyle Maxwell: "Re: UDP Port Sweep question"
- Reply: Ron: "Re: UDP Port Sweep question"
- Maybe reply: Billy Dodson: "RE: UDP Port Sweep question"
- Maybe reply: Colby DeRodeff: "RE: UDP Port Sweep question"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
