Increase seen in port probes since Tuesday afternoon

From: BahdKo (bahdko_at_erols.com)
Date: 12/30/04

Next message: M. Shirk: "RE: Increase seen in port probes since Tuesday afternoon"

Previous message: Francesca Smith: "Re: UDP Port Sweep question"
Next in thread: M. Shirk: "RE: Increase seen in port probes since Tuesday afternoon"
Reply: M. Shirk: "RE: Increase seen in port probes since Tuesday afternoon"
Reply: James C Slora Jr: "RE: Increase seen in port probes since Tuesday afternoon"
Reply: Martin Mačok: "Re: Increase seen in port probes since Tuesday afternoon"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Thu, 30 Dec 2004 11:22:51 +0200
To: incidents@securityfocus.com

Is anyone else seeing this?

Since Tuesday afternoon EST I've seen a dramatic increase in the number
of machines probing my network on ports 2745, 1025, 3127, 6129, and
usually 80. Each probe involves the machine sending three packets to
each port.

--Laura

Next message: M. Shirk: "RE: Increase seen in port probes since Tuesday afternoon"

Previous message: Francesca Smith: "Re: UDP Port Sweep question"
Next in thread: M. Shirk: "RE: Increase seen in port probes since Tuesday afternoon"
Reply: M. Shirk: "RE: Increase seen in port probes since Tuesday afternoon"
Reply: James C Slora Jr: "RE: Increase seen in port probes since Tuesday afternoon"
Reply: Martin Mačok: "Re: Increase seen in port probes since Tuesday afternoon"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

RE: 0.0.0.0 Probes
... Note that you cannot possibly send return packets to this address. ... So I wouldn't call this a "probe", unless it was written by someone ... The attacker doesn't care that the destination ... This traffic is being dropped by my firewalls. ...
(Security-Basics)
Re: screenshots for Dominions 3
... You route those packets to the p2p machine, ... Once upon a time, there was wild speculation that virus/trojan/worm writers might stop just trying to crash machines, and start taking them over, to get your personal information, or use your machine as a spam-source. ... Now, bittorrent is not a "send to the p2p machine" system, it is a "get from whatever machine out there claims to be a source for what you want" system. ... BUT the machine sending it is not sending what you believe, but rather, a trojan, which gets onto your machine, starts up, takes over, and now you are a crime statistic. ...
(comp.sys.ibm.pc.games.strategic)
Re: FW: [Full-Disclosure] Question for DNS pros
... Ron DuFresne wrote: ... >the 3-DNS's probe traffic is too obnoxious for you. ... configuration should generate no more than 16-20 packets per hour per site. ... response when you visit Yahoo, Google, CNN, your bank, etc. and only getting ...
(Full-Disclosure)
Generating Traffic to Stress Test IDS
... > traffic to see at what point an IDS starts dropping packets? ... o.c.)to probe he speed. ... Linux User #119288 ...
(Focus-IDS)