Re: Port scanned by these strange IPs...

From: someone (nonexistent2032_at_yahoo.co.uk)
Date: 11/23/05


Date: 22 Nov 2005 17:07:42 -0800

Hi, thanks for your helpful insight. I've been port scanned more today,
and they seem to be going for ports 1025, 1027, 1028, 1029 and 135.

What tool do you use for your WHOIS lookups? I use www.dnsstuff.com,
which obviously isn't 100% complete!

BTW, why would anyone want to do a UDP port scan if it is
connectionless? Obviously the point of a port scan is to find open &
vulnerable port numbers to establish an illicit connection...

Thanks.

P.S. Useful definition of UDP: (Didn't know before you pointed it out!)
http://www.ingate.com/files/422/fwmanual-en/xa11944.html
UDP protocol

UDP does not make a connection. It examines data that comes from
outside for accuracy, by checksums. This is like examining a postcard
to ensure that it has not been torn up. UDP does not keep track of
whether or not all data gets through or if it is in the right order;
this is the job of the application. So the data does not have an ACK
confirmation. Peter and Christy, sending postcards, have to keep track
of their own postcards and Peter has to tell Christy the order in which
they should be read. UDP keeps track of the contacts using port
numbers, just like TCP.

Moe Trin wrote:
> On 21 Nov 2005 16:09:06, in the Usenet newsgroup alt.computer.security, in article
> <1132618146.790901.234720@g44g2000cwa.googlegroups.com>, someone wrote:
>
> >Hi guys. I've been port scanned by these unusual IPs...any comments?
>
> Can you say 'Bogus'?
>
> >All of them are UDP scans in the past 6 hours:
>
> What exactly is a UDP scan? UDP is a connectionless protocol, and if it's
> something like a single packet from some random IP (especially to ports
> 1025-1035), it's almost certainly faked addresses.
>
> >18.78.12.98
> >Unknown
>
> mit.edu
>
> >32.151.80.166
> >Unknown
>
> IBM Global
>
> >17.208.21.26
> >Unknown
>
> Apple Computer
>
> >92.209.66.146
> >Internet Assigned Numbers Authority
>
> This one proves the fake. 92.0.0.0 to 123.255.255.255 have not been issued.
>
> >77.11.7.6
> >Internet Assigned Numbers Authority
>
> Also not issued. See http://www.iana.org/assignments/ipv4-address-space
>
> >10.68.120.240
> >Internet Assigned Numbers Authority
>
> See RFC1918. If these are really coming in over your Internet connection,
> scream at your ISP about ingress filtering - see RFC2827 and RFC3804.
>
> You may want to look at the port numbers this crap is being sent to. If
> the destination ports are 1025 to (say) 1035, and the packet size is 300
> to 900 bytes, this is just microsoft messenger spams. Block those ports
> inbound (silent discard) and ignore.
>
> Old guy
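
The checks described in the quoted reply (source address in RFC 1918 or then-unissued space; UDP to ports 1025-1035 with a 300 to 900 byte packet), as an added Python example that is not part of the original thread. The log format, sample lines and function names are constructed for illustration; the unissued ranges reflect the November 2005 allocations the reply cites, and 77.0.0.0/8 is an assumption based on its remark about 77.11.7.6.

```python
import ipaddress

# Ranges the reply calls unissued. True in Nov 2005, NOT today: refresh from
# the IANA registry before reuse. 77.0.0.0/8 is an assumption drawn from the
# reply's "also not issued" remark about 77.11.7.6.
UNISSUED_2005 = [
    (ipaddress.ip_address("92.0.0.0"), ipaddress.ip_address("123.255.255.255")),
    (ipaddress.ip_address("77.0.0.0"), ipaddress.ip_address("77.255.255.255")),
]
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def source_verdict(src):
    """Classify a source address as 'rfc1918', 'unissued' or 'routable'."""
    ip = ipaddress.ip_address(src)
    if any(ip in net for net in RFC1918):
        return "rfc1918"
    if any(lo <= ip <= hi for lo, hi in UNISSUED_2005):
        return "unissued"
    return "routable"

def looks_like_messenger_spam(proto, dport, length):
    """The reply's heuristic: UDP, dest port 1025-1035, 300-900 bytes."""
    return proto == "UDP" and 1025 <= dport <= 1035 and 300 <= length <= 900

def triage(line):
    """Parse one constructed log line: 'PROTO SRC DPORT LENGTH'."""
    proto, src, dport, length = line.split()
    verdict = source_verdict(src)
    return {
        "src": src,
        "source": verdict,
        # An RFC 1918 or unissued source cannot be a real Internet sender.
        "impossible_source": verdict != "routable",
        "messenger_spam": looks_like_messenger_spam(proto, int(dport), int(length)),
    }

# Constructed sample: addresses from the thread, ports and sizes invented.
SAMPLE_LOG = """\
UDP 92.209.66.146 1027 512
UDP 10.68.120.240 1028 640
UDP 18.78.12.98 1025 437
TCP 17.208.21.26 135 48
"""

if __name__ == "__main__":
    for entry in SAMPLE_LOG.splitlines():
        print(triage(entry))
```

A "routable" verdict does not show the address is genuine, since a single UDP packet can carry any source address.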


