Anonymous LogOff and UDP Out Connections

From: Mark Sargent (powderkeg_at_snow.email.ne.jp)
Date: 09/09/03

    To: "Security-Basics@Securityfocus. Com" <security-basics@securityfocus.com>
    Date: Tue, 9 Sep 2003 14:14:28 +0900
    
    

    Hi All,

    When activating the LAN, I notice numerous UDP packet attempts to a number
    of different IPs,

    61.111.253.229
    61.111.93.64
    61.111.31.214

    on the Host machine. All attempts are from the localhost on port 137 to
    owner;system on 137. What are these attempts? Also, I'm seeing numerous
    LogOff alerts in Security Event Viewer.

    User Logoff:
             User Name: ANONYMOUS LOGON
             Domain: NT AUTHORITY
             Logon ID: (0x0,0xBC852)
             Logon Type: 3

    User Logoff:
             User Name: ANONYMOUS LOGON
             Domain: NT AUTHORITY
             Logon ID: (0x0,0xB9BB8)
             Logon Type: 3

    User Logoff:
             User Name: ANONYMOUS LOGON
             Domain: NT AUTHORITY
             Logon ID: (0x0,0xB1C26)
             Logon Type: 3

    16 in the past 2-3hrs.

    I'm also getting a lot of attempts from the Client, 192.168.0.2, to connect
    to localhost on port 53, UDP (there is no owner). What is all of this?
    I'm stealthed according to the security checks here on this site and
    grc.com. Any help appreciated. Cheers.

    OS = Win2kPro(both Host(192.168.0.1) and Client(192.168.0.2))
    Firewall = Kerio
    Connection = ISDN
