Re: UDP Port Sweep question
From: Tim (tim-forensics_at_sentinelchicken.org)
Date: 12/29/04
- Previous message: Don Parker: "Re: UDP Port Sweep question"
- In reply to: Billy Dodson: "UDP Port Sweep question"
- Next in thread: Kyle Maxwell: "Re: UDP Port Sweep question"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 28 Dec 2004 18:52:35 -0500
To: Billy Dodson <CraftedPacket@securitynerds.org>
> I monitor 3 different sensors which are continuously pounded with network
> reconnaissance of all types.
I assume these are outside of firewalls?
> These sensors all belong to financial
> institutions. One thing that jumped out at me are "UDP Port Sweeps"
> events from about 15 different IP addresses which all belong to either IBM
> or Sequent (which was bought by IBM). I see these same IP addresses doing
> the same thing on all three sensors. I have contacted the clients and
> they do not deal with IBM or Sequent in any way. Are there legitimate types
> of traffic that would cause these events to fire?
Can you provide more information? Source and destination ports, TTLs,
etc.? Otherwise I wouldn't know how to answer such a question.
> It is odd to me that I see them on
> all 3 sensors for 3 different companies but all happen to be in the
> financial industry. Thanks in advance for your input.
It wouldn't be the first time that the financial industry was targeted.
Then again, it could be nothing.
tim