Re: Increase in UDP Port Scans
From: Cesar Osorio (COsorio_at_awb.com.au)
Date: 08/12/03
- Previous message: stephane nasdrovisky: "Re: SMTP DDoS"
- Maybe in reply to: Gordon Brandt: "Increase in UDP Port Scans"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: Ranjeet Shetye <ranjeet.shetye2@zultys.com> Date: Tue, 12 Aug 2003 01:03:11 +0100
Ranjeet,
There is a Microsoft worm on the wild, and for what you are saying it
seems like some of your clients are infected with it, check Mcaffee or
Sophos or ther vendors websites they have instructions on how to remove it,
I hope you are using a good virus scanner.
make sure you have a firewall protecting your users and block all incomming
to via port 135-139, 445 , anyway read on.
Hope this helps..
......wait I will send you a link
https://tms.symantec.com/members/AnalystReports/030811-Alert-DCOMworm.pdf
Cesar Osorio
Ranjeet Shetye
<ranjeet.shetye2@ To:
security-basics@securityfocus.com
zultys.com> cc:
Subject: Re: Increase in UDP
Port Scans
12/08/2003 09:25
On Mon, 2003-08-11 at 08:19, Gordon Brandt wrote:
> I have noticed the following port scans lately on my network
>
> 08/11/2003 05:14:22.112 - Possible Port Scan -
Source:24.52.108.213, 1745,
> WAN - Destination:255.255.255.255, 7782, LAN -
UDP scanned port list,
> 8777, 8777, 7778, 7779, 7780 -
> 08/11/2003 05:14:22.128 - Probable Port Scan -
Source:24.52.108.213, 1745,
> WAN - Destination:255.255.255.255, 7787, LAN -
UDP scanned port list,
> 8777, 8777, 7778, 7779, 7780, 7781, 7782, 7783, 7784, 7785 -
>
>
> I did a little digging with google, and it appears that these ports are
used
> by Unreal Tournament servers. So, after seeing this, I relaxed a little
> thinking that someone had just gotten a new game. This morning, I
checked
> my email, and I have a significant amount of these messages, coming into
> different branch offices (we use cable/dsl for internet access) so it
can't
> just be one person with a new pc.
>
> Anyone else seeing this?
>
> Gordon Brandt
> Network Engineer
> AP Wagner, Inc.
> gbrandt@apwagner.com
>
>
>
---------------------------------------------------------------------------
>
----------------------------------------------------------------------------
Not to deflect attention from any possible intrusion attempts, but if
this happens primarily over the weekends or after-hours, your office
might be inhabitated by a bunch of gamers who cannot afford broadband at
home, and are using the office high speed connections to get their fix.
:D
Since I play UT once in a while (on my home DSL), I can understand their
need for a low ping.
-- Ranjeet Shetye Senior Software Engineer Zultys Technologies Ranjeet dot Shetye2 at Zultys dot com http://www.zultys.com/ The views, opinions, and judgements expressed in this message are solely those of the author. The message contents have not been reviewed or approved by Zultys. --------------------------------------------------------------------------- ---------------------------------------------------------------------------- --------------------------------------------------------------------------- ---------------------------------------------------------------------------- --------------------------------------------------------------------------- ----------------------------------------------------------------------------
- Previous message: stephane nasdrovisky: "Re: SMTP DDoS"
- Maybe in reply to: Gordon Brandt: "Increase in UDP Port Scans"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
