[Intrusions] 3803/udp from broadband boxes?
Earnhart, Benjamin J
benjamin-earnhart at uiowa.edu
Sat Apr 2 18:48:29 GMT 2005
Do you know for a fact that it's not SoniqSync
http://www.soniqcast.com/site/FAQ%20Support/Getting_Started_FAQ.htm
That seems the most likely origin to me, though that's based purely on
port number. Most chatty protocols (game servers and multi-media stuff
can be really chatty) only broadcast or multicast on the subnet if the
ISPs have their routers configured correctly, so it does seem odd to
have packets from several *different* networks coming in.
Which brings up the most likely explanation -- you didn't happen to have
ran a game server, file sharing app, or anything like that in the last
few months? Those generate so many connections on so many ports (and
clients retain memories of interesting IP addresses) that it can take
months to clear out oddities from them. IM programs can be just as bad
noise-wise, though those are generally easier to identify. For that
matter, if you are on a dynamic IP, then you might pick up such traffic
that is meant for somebody else who once had your IP address.
Might check to see if there are known vulnerabilities in SoniqSync --
when I see a strange bunch of hosts scanning on a port I'm not used to
seeing, it often means that exploit code got released against some odd
app that nobody bothered messing with before (I call them
vuln-of-the-week-club packets). But I'm not seeing anything on that
port on any of the machines I monitor (just a few dropped connections to
webservers when the client suddenly stopped loading a page), and Dshield
shows no movement on that port either. So that's probably not what's
going on.
There are so many oddities out there that probably it's just one of
those things that makes you go "huh. Nothing to see here, move along."
For example, if some hacker places backdoors on that port, and he (or
somebody else) is looking for boxes he compromised, but his kit wasn't
popular enough to show up at Symantec or anything like that, then you
may never know what you're seeing unless you actually got your hands on
one of the boxes that's doing the scanning. Or a non-malicious
explanation that would be just as impossible to track down, some CS
student testing out his new Java skills (though this one wouldn't likely
be coming in from several different networks).
Guess this doesn't help you much, but maybe gives you some
ideas/thoughts towards solving your mystery.
> -----Original Message-----
> From: intrusions-bounces at lists.sans.org
> [mailto:intrusions-bounces at lists.sans.org] On Behalf Of Michael
> Sent: Saturday, April 02, 2005 7:24 AM
> To: intrusions at lists.sans.org
> Subject: [Intrusions] 3803/udp from broadband boxes?
>
> Hi there,
>
> More of a curiousity than a concern--does this look familiar
> to anyone?
> Didn't have any luck with Google or the other usual suspects.
>
> I allowed some of the packets through my FW to get a sniff.
> 12 frames follow, then some FW logs to give an idea of the
> source hosts (the couple I looked up appear to be home
> broadband clients) and the pattern of packets. The probes
> ceased as of the last log in this list.
>
> Any ideas?
>
> -Mike
>
> (ps--yeah, you could pull my internal address information out
> of the hex; is there a quick tool for sanitising that kind of
> stuff on a non-enterprise scale?)
>
> Packet traces:
>
> No. Time Source Destination
> Protocol Info
> 1 20:01:10.866888 24.18.43.15 100.100.100.100
> UDP
> Source port: 2319 Destination port: 3803
>
> Frame 1 (80 bytes on wire, 80 bytes captured) Internet
> Protocol, Src Addr: 24.18.43.15 (24.18.43.15), Dst Addr:
> 100.100.100.100 (100.100.100.100)
> User Datagram Protocol, Src Port: 2319 (2319), Dst Port: 3803
> (3803) Data (38 bytes)
>
> 0000 c0 28 34 1c e2 1a c8 f2 2f 66 a2 2a 49 94 f6 5c
> .(4...../f.*I..\
> 0010 07 69 3a 0c af 56 21 dd 27 e9 2d 7d 74 5a f4 8b
> .i:..V!.'.-}tZ..
> 0020 8d 93 73 36 ae 6b ..s6.k
>
> No. Time Source Destination
> Protocol Info
> 2 20:01:14.036034 24.18.43.15 100.100.100.100
> UDP
> Source port: 2319 Destination port: 3803
>
> Frame 2 (80 bytes on wire, 80 bytes captured) Internet
> Protocol, Src Addr: 24.18.43.15 (24.18.43.15), Dst Addr:
> 100.100.100.100 (100.100.100.100)
> User Datagram Protocol, Src Port: 2319 (2319), Dst Port: 3803
> (3803) Data (38 bytes)
>
> 0000 c0 28 34 1c e2 1a c8 f2 2f 66 a2 2a 49 94 f6 5c
> .(4...../f.*I..\
> 0010 07 69 3a 0c af 56 21 dd 27 e9 2d 7d 74 5a f4 8b
> .i:..V!.'.-}tZ..
> 0020 8d 93 73 36 ae 6b ..s6.k
>
> No. Time Source Destination
> Protocol Info
> 3 20:01:17.019934 24.18.43.15 100.100.100.100
> UDP
> Source port: 2319 Destination port: 3803
>
> Frame 3 (80 bytes on wire, 80 bytes captured) Internet
> Protocol, Src Addr: 24.18.43.15 (24.18.43.15), Dst Addr:
> 100.100.100.100 (100.100.100.100)
> User Datagram Protocol, Src Port: 2319 (2319), Dst Port: 3803
> (3803) Data (38 bytes)
>
> 0000 c0 28 34 1c e2 1a c8 f2 2f 66 a2 2a 49 94 f6 5c
> .(4...../f.*I..\
> 0010 07 69 3a 0c af 56 21 dd 27 e9 2d 7d 74 5a f4 8b
> .i:..V!.'.-}tZ..
> 0020 8d 93 73 36 ae 6b ..s6.k
>
> No. Time Source Destination
> Protocol Info
> 4 20:03:29.040040 24.18.43.15 100.100.100.100
> UDP
> Source port: 2319 Destination port: 3803
>
> Frame 4 (80 bytes on wire, 80 bytes captured) Internet
> Protocol, Src Addr: 24.18.43.15 (24.18.43.15), Dst Addr:
> 100.100.100.100 (100.100.100.100)
> User Datagram Protocol, Src Port: 2319 (2319), Dst Port: 3803
> (3803) Data (38 bytes)
>
> 0000 c0 28 33 38 ca 2f cd 47 b0 ac e5 a8 b8 e5 02 a5
> .(38./.G........
> 0010 5e 9e 1c 95 81 49 9c ec 4e fd 6e dc 9e 48 6f 7f
> ^....I..N.n..Ho.
> 0020 12 67 ac b0 9f 86 .g....
>
> No. Time Source Destination
> Protocol Info
> 5 20:03:31.829559 24.18.43.15 100.100.100.100
> UDP
> Source port: 2319 Destination port: 3803
>
> Frame 5 (80 bytes on wire, 80 bytes captured) Internet
> Protocol, Src Addr: 24.18.43.15 (24.18.43.15), Dst Addr:
> 100.100.100.100 (100.100.100.100)
> User Datagram Protocol, Src Port: 2319 (2319), Dst Port: 3803
> (3803) Data (38 bytes)
>
> 0000 c0 28 33 38 ca 2f cd 47 b0 ac e5 a8 b8 e5 02 a5
> .(38./.G........
> 0010 5e 9e 1c 95 81 49 9c ec 4e fd 6e dc 9e 48 6f 7f
> ^....I..N.n..Ho.
> 0020 12 67 ac b0 9f 86 .g....
>
> No. Time Source Destination
> Protocol Info
> 6 20:03:35.005869 24.18.43.15 100.100.100.100
> UDP
> Source port: 2319 Destination port: 3803
>
> Frame 6 (80 bytes on wire, 80 bytes captured) Internet
> Protocol, Src Addr: 24.18.43.15 (24.18.43.15), Dst Addr:
> 100.100.100.100 (100.100.100.100)
> User Datagram Protocol, Src Port: 2319 (2319), Dst Port: 3803
> (3803) Data (38 bytes)
>
> 0000 c0 28 33 38 ca 2f cd 47 b0 ac e5 a8 b8 e5 02 a5
> .(38./.G........
> 0010 5e 9e 1c 95 81 49 9c ec 4e fd 6e dc 9e 48 6f 7f
> ^....I..N.n..Ho.
> 0020 12 67 ac b0 9f 86 .g....
>
> No. Time Source Destination
> Protocol Info
> 7 20:05:26.860268 24.18.43.15 100.100.100.100
> UDP
> Source port: 2319 Destination port: 3803
>
> Frame 7 (80 bytes on wire, 80 bytes captured) Internet
> Protocol, Src Addr: 24.18.43.15 (24.18.43.15), Dst Addr:
> 100.100.100.100 (100.100.100.100)
> User Datagram Protocol, Src Port: 2319 (2319), Dst Port: 3803
> (3803) Data (38 bytes)
>
> 0000 c0 28 91 3d d7 aa d1 22 07 9d 2c 09 47 c0 7a 40
> .(.=..."..,.G.z@
> 0010 2e aa 6e 01 6f 20 d0 27 82 00 77 d0 2f 84 8e 49 ..n.o
> .'..w./..I
> 0020 be 6a 9d 66 dd c6 .j.f..
>
> No. Time Source Destination
> Protocol Info
> 8 20:05:30.009788 24.18.43.15 100.100.100.100
> UDP
> Source port: 2319 Destination port: 3803
>
> Frame 8 (80 bytes on wire, 80 bytes captured) Internet
> Protocol, Src Addr: 24.18.43.15 (24.18.43.15), Dst Addr:
> 100.100.100.100 (100.100.100.100)
> User Datagram Protocol, Src Port: 2319 (2319), Dst Port: 3803
> (3803) Data (38 bytes)
>
> 0000 c0 28 91 3d d7 aa d1 22 07 9d 2c 09 47 c0 7a 40
> .(.=..."..,.G.z@
> 0010 2e aa 6e 01 6f 20 d0 27 82 00 77 d0 2f 84 8e 49 ..n.o
> .'..w./..I
> 0020 be 6a 9d 66 dd c6 .j.f..
>
> No. Time Source Destination
> Protocol Info
> 9 20:05:32.856035 24.18.43.15 100.100.100.100
> UDP
> Source port: 2319 Destination port: 3803
>
> Frame 9 (80 bytes on wire, 80 bytes captured) Internet
> Protocol, Src Addr: 24.18.43.15 (24.18.43.15), Dst Addr:
> 100.100.100.100 (100.100.100.100)
> User Datagram Protocol, Src Port: 2319 (2319), Dst Port: 3803
> (3803) Data (38 bytes)
>
> 0000 c0 28 91 3d d7 aa d1 22 07 9d 2c 09 47 c0 7a 40
> .(.=..."..,.G.z@
> 0010 2e aa 6e 01 6f 20 d0 27 82 00 77 d0 2f 84 8e 49 ..n.o
> .'..w./..I
> 0020 be 6a 9d 66 dd c6 .j.f..
>
> No. Time Source Destination
> Protocol Info
> 10 20:07:55.918342 24.18.43.15 100.100.100.100
> UDP
> Source port: 2319 Destination port: 3803
>
> Frame 10 (80 bytes on wire, 80 bytes captured) Internet
> Protocol, Src Addr: 24.18.43.15 (24.18.43.15), Dst Addr:
> 100.100.100.100 (100.100.100.100)
> User Datagram Protocol, Src Port: 2319 (2319), Dst Port: 3803
> (3803) Data (38 bytes)
>
> 0000 c0 28 c0 fe 5a a1 d5 fd ca c9 b5 65 ad bc 8c a9
> .(..Z......e....
> 0010 46 dd de 99 8e ab 95 9b a3 6c 98 d1 ac a0 b8 6c
> F........l.....l
> 0020 e3 a4 04 95 f8 4d .....M
>
> No. Time Source Destination
> Protocol Info
> 11 20:07:58.885564 24.18.43.15 100.100.100.100
> UDP
> Source port: 2319 Destination port: 3803
>
> Frame 11 (80 bytes on wire, 80 bytes captured) Internet
> Protocol, Src Addr: 24.18.43.15 (24.18.43.15), Dst Addr:
> 100.100.100.100 (100.100.100.100)
> User Datagram Protocol, Src Port: 2319 (2319), Dst Port: 3803
> (3803) Data (38 bytes)
>
> 0000 c0 28 c0 fe 5a a1 d5 fd ca c9 b5 65 ad bc 8c a9
> .(..Z......e....
> 0010 46 dd de 99 8e ab 95 9b a3 6c 98 d1 ac a0 b8 6c
> F........l.....l
> 0020 e3 a4 04 95 f8 4d .....M
>
> No. Time Source Destination
> Protocol Info
> 12 20:08:01.823883 24.18.43.15 100.100.100.100
> UDP
> Source port: 2319 Destination port: 3803
>
> Frame 12 (80 bytes on wire, 80 bytes captured) Internet
> Protocol, Src Addr: 24.18.43.15 (24.18.43.15), Dst Addr:
> 100.100.100.100 (100.100.100.100)
> User Datagram Protocol, Src Port: 2319 (2319), Dst Port: 3803
> (3803) Data (38 bytes)
>
> 0000 c0 28 c0 fe 5a a1 d5 fd ca c9 b5 65 ad bc 8c a9
> .(..Z......e....
> 0010 46 dd de 99 8e ab 95 9b a3 6c 98 d1 ac a0 b8 6c
> F........l.....l
> 0020 e3 a4 04 95 f8 4d .....M
>
>
> FW logs:
>
>
> Sat 02 Apr 2005 00:33:04 EST Unrecognized access from
> 65.189.226.70:1214 to UDP port 3803 Sat 02 Apr 2005 00:34:24
> EST Unrecognized access from 24.116.84.222:2058 to UDP port
> 3803 Sat 02 Apr 2005 00:34:27 EST Unrecognized access from
> 24.116.84.222:2058 to UDP port 3803 Sat 02 Apr 2005 00:34:31
> EST Unrecognized access from 24.116.84.222:2058 to UDP port
> 3803 Sat 02 Apr 2005 00:35:55 EST Unrecognized access from
> 67.97.99.62:1724 to UDP port 3803 Sat 02 Apr 2005 00:35:58
> EST Unrecognized access from 67.97.99.62:1724 to UDP port
> 3803 Sat 02 Apr 2005 00:36:01 EST Unrecognized access from
> 67.97.99.62:1724 to UDP port 3803 Sat 02 Apr 2005 00:38:12
> EST Unrecognized access from 24.255.73.91:3322 to UDP port
> 3803 Sat 02 Apr 2005 00:38:15 EST Unrecognized access from
> 24.255.73.91:3322 to UDP port 3803 Sat 02 Apr 2005 00:38:18
> EST Unrecognized access from 24.255.73.91:3322 to UDP port
> 3803 Sat 02 Apr 2005 00:43:51 EST Unrecognized access from
> 24.30.108.197:1160 to UDP port 3803 Sat 02 Apr 2005 00:43:59
> EST Unrecognized access from 24.30.108.197:1160 to UDP port
> 3803 Sat 02 Apr 2005 00:51:10 EST Unrecognized access from
> 4.64.65.175:21917 to UDP port 1028 Sat 02 Apr 2005 00:53:19
> EST Unrecognized access from 24.118.23.85:1931 to UDP port
> 3803 Sat 02 Apr 2005 00:53:22 EST Unrecognized access from
> 24.118.23.85:1931 to UDP port 3803 Sat 02 Apr 2005 00:53:25
> EST Unrecognized access from 24.118.23.85:1931 to UDP port
> 3803 Sat 02 Apr 2005 00:57:04 EST Unrecognized access from
> 12.210.156.6:3235 to UDP port 3803 Sat 02 Apr 2005 00:57:07
> EST Unrecognized access from 12.210.156.6:3235 to UDP port
> 3803 Sat 02 Apr 2005 00:57:10 EST Unrecognized access from
> 12.210.156.6:3235 to UDP port 3803 Sat 02 Apr 2005 00:58:45
> EST Unrecognized access from 12.210.156.6:3235 to UDP port
> 3803 Sat 02 Apr 2005 00:58:48 EST Unrecognized access from
> 12.210.156.6:3235 to UDP port 3803 Sat 02 Apr 2005 00:58:51
> EST Unrecognized access from 12.210.156.6:3235 to UDP port
> 3803 Sat 02 Apr 2005 01:00:19 EST Unrecognized access from
> 24.20.78.32:1729 to UDP port 3803 Sat 02 Apr 2005 01:00:22
> EST Unrecognized access from 24.20.78.32:1729 to UDP port
> 3803 Sat 02 Apr 2005 01:00:25 EST Unrecognized access from
> 24.20.78.32:1729 to UDP port 3803 Sat 02 Apr 2005 01:02:03
> EST Unrecognized access from 24.116.47.95:2625 to UDP port
> 3803 Sat 02 Apr 2005 01:02:06 EST Unrecognized access from
> 24.116.47.95:2625 to UDP port 3803 Sat 02 Apr 2005 01:02:10
> EST Unrecognized access from 24.116.47.95:2625 to UDP port
> 3803 Sat 02 Apr 2005 01:07:45 EST Unrecognized access from
> 24.127.60.113:1444 to UDP port 3803 Sat 02 Apr 2005 01:07:49
> EST Unrecognized access from 24.127.60.113:1444 to UDP port
> 3803 Sat 02 Apr 2005 01:07:52 EST Unrecognized access from
> 24.127.60.113:1444 to UDP port 3803 Sat 02 Apr 2005 01:10:39
> EST Unrecognized access from 24.127.60.113:1444 to UDP port
> 3803 Sat 02 Apr 2005 01:10:42 EST Unrecognized access from
> 24.127.60.113:1444 to UDP port 3803 Sat 02 Apr 2005 01:10:45
> EST Unrecognized access from 24.127.60.113:1444 to UDP port
> 3803 Sat 02 Apr 2005 01:12:31 EST Unrecognized access from
> 24.127.60.113:1444 to UDP port 3803 Sat 02 Apr 2005 01:12:35
> EST Unrecognized access from 24.127.60.113:1444 to UDP port
> 3803 Sat 02 Apr 2005 01:12:38 EST Unrecognized access from
> 24.127.60.113:1444 to UDP port 3803 Sat 02 Apr 2005 01:15:17
> EST Unrecognized access from 24.166.80.110:3253 to UDP port
> 3803 Sat 02 Apr 2005 01:15:20 EST Unrecognized access from
> 24.166.80.110:3253 to UDP port 3803 Sat 02 Apr 2005 01:15:23
> EST Unrecognized access from 24.166.80.110:3253 to UDP port
> 3803 Sat 02 Apr 2005 01:17:19 EST Unrecognized access from
> 24.166.80.110:3253 to UDP port 3803 Sat 02 Apr 2005 01:17:22
> EST Unrecognized access from 24.166.80.110:3253 to UDP port
> 3803 Sat 02 Apr 2005 01:17:25 EST Unrecognized access from
> 24.166.80.110:3253 to UDP port 3803 Sat 02 Apr 2005 01:19:00
> EST Unrecognized access from 24.166.80.110:3253 to UDP port
> 3803 Sat 02 Apr 2005 01:19:03 EST Unrecognized access from
> 24.166.80.110:3253 to UDP port 3803 Sat 02 Apr 2005 01:21:11
> EST Unrecognized access from 24.166.80.110:3253 to UDP port
> 3803 Sat 02 Apr 2005 01:21:14 EST Unrecognized access from
> 24.166.80.110:3253 to UDP port 3803 Sat 02 Apr 2005 01:21:17
> EST Unrecognized access from 24.166.80.110:3253 to UDP port
> 3803 Sat 02 Apr 2005 01:23:19 EST Unrecognized access from
> 24.166.80.110:3253 to UDP port 3803 Sat 02 Apr 2005 01:23:22
> EST Unrecognized access from 24.166.80.110:3253 to UDP port
> 3803 Sat 02 Apr 2005 01:23:25 EST Unrecognized access from
> 24.166.80.110:3253 to UDP port 3803 Sat 02 Apr 2005 01:25:41
> EST Unrecognized access from 24.166.80.110:3253 to UDP port
> 3803 Sat 02 Apr 2005 01:25:44 EST Unrecognized access from
> 24.166.80.110:3253 to UDP port 3803 Sat 02 Apr 2005 01:25:47
> EST Unrecognized access from 24.166.80.110:3253 to UDP port
> 3803 Sat 02 Apr 2005 01:26:43 EST Unrecognized access from
> 24.166.80.110:3253 to UDP port 3803 Sat 02 Apr 2005 01:26:46
> EST Unrecognized access from 24.166.80.110:3253 to UDP port
> 3803 Sat 02 Apr 2005 01:26:49 EST Unrecognized access from
> 24.166.80.110:3253 to UDP port 3803 Sat 02 Apr 2005 01:27:46
> EST Unrecognized access from 24.166.80.110:3253 to UDP port
> 3803 Sat 02 Apr 2005 01:27:50 EST Unrecognized access from
> 24.166.80.110:3253 to UDP port 3803 Sat 02 Apr 2005 01:27:53
> EST Unrecognized access from 24.166.80.110:3253 to UDP port
> 3803 Sat 02 Apr 2005 01:29:32 EST Unrecognized access from
> 24.166.80.110:3253 to UDP port 3803 Sat 02 Apr 2005 01:29:35
> EST Unrecognized access from 24.166.80.110:3253 to UDP port
> 3803 Sat 02 Apr 2005 01:29:38 EST Unrecognized access from
> 24.166.80.110:3253 to UDP port 3803 Sat 02 Apr 2005 01:30:48
> EST Unrecognized access from 24.166.80.110:3253 to UDP port
> 3803 Sat 02 Apr 2005 01:30:51 EST Unrecognized access from
> 24.166.80.110:3253 to UDP port 3803 Sat 02 Apr 2005 01:30:54
> EST Unrecognized access from 24.166.80.110:3253 to UDP port
> 3803 Sat 02 Apr 2005 01:32:19 EST Unrecognized access from
> 24.92.117.143:3646 to UDP port 3803 Sat 02 Apr 2005 01:32:22
> EST Unrecognized access from 24.92.117.143:3646 to UDP port
> 3803 Sat 02 Apr 2005 01:32:25 EST Unrecognized access from
> 24.92.117.143:3646 to UDP port 3803 Sat 02 Apr 2005 01:34:35
> EST Unrecognized access from 24.163.18.94:1170 to UDP port
> 3803 Sat 02 Apr 2005 01:34:39 EST Unrecognized access from
> 24.163.18.94:1170 to UDP port 3803 Sat 02 Apr 2005 01:36:46
> EST Unrecognized access from 24.15.88.186:2474 to UDP port
> 3803 Sat 02 Apr 2005 01:36:52 EST Unrecognized access from
> 24.15.88.186:2474 to UDP port 3803 Sat 02 Apr 2005 01:39:57
> EST Unrecognized access from 24.30.234.231:2735 to UDP port
> 3803 Sat 02 Apr 2005 01:40:01 EST Unrecognized access from
> 24.30.234.231:2735 to UDP port 3803 Sat 02 Apr 2005 01:40:04
> EST Unrecognized access from 24.30.234.231:2735 to UDP port
> 3803 Sat 02 Apr 2005 01:41:15 EST Unrecognized access from
> 24.30.234.231:2735 to UDP port 3803 Sat 02 Apr 2005 01:41:19
> EST Unrecognized access from 24.30.234.231:2735 to UDP port
> 3803 Sat 02 Apr 2005 01:41:22 EST Unrecognized access from
> 24.30.234.231:2735 to UDP port 3803 Sat 02 Apr 2005 01:44:57
> EST Unrecognized access from 24.27.148.98:2083 to UDP port
> 3803 Sat 02 Apr 2005 01:45:01 EST Unrecognized access from
> 24.27.148.98:2083 to UDP port 3803 Sat 02 Apr 2005 01:45:04
> EST Unrecognized access from 24.27.148.98:2083 to UDP port
> 3803 Sat 02 Apr 2005 02:22:19 EST Unrecognized access from
> 24.18.93.190:2907 to UDP port 3803 Sat 02 Apr 2005 02:22:22
> EST Unrecognized access from 24.18.93.190:2907 to UDP port
> 3803 Sat 02 Apr 2005 02:22:26 EST Unrecognized access from
> 24.18.93.190:2907 to UDP port 3803 Sat 02 Apr 2005 02:25:18
> EST Unrecognized access from 24.18.93.190:2907 to UDP port
> 3803 Sat 02 Apr 2005 02:25:21 EST Unrecognized access from
> 24.18.93.190:2907 to UDP port 3803 Sat 02 Apr 2005 02:25:25
> EST Unrecognized access from 24.18.93.190:2907 to UDP port
> 3803 Sat 02 Apr 2005 02:27:05 EST Unrecognized access from
> 24.18.93.190:2907 to UDP port 3803 Sat 02 Apr 2005 02:27:08
> EST Unrecognized access from 24.18.93.190:2907 to UDP port
> 3803 Sat 02 Apr 2005 02:27:11 EST Unrecognized access from
> 24.18.93.190:2907 to UDP port 3803 Sat 02 Apr 2005 02:28:44
> EST Unrecognized access from 24.18.93.190:2907 to UDP port
> 3803 Sat 02 Apr 2005 02:28:47 EST Unrecognized access from
> 24.18.93.190:2907 to UDP port 3803 Sat 02 Apr 2005 02:28:50
> EST Unrecognized access from 24.18.93.190:2907 to UDP port
> 3803 Sat 02 Apr 2005 02:30:44 EST Unrecognized access from
> 24.3.81.207:1214 to UDP port 3803 Sat 02 Apr 2005 02:30:47
> EST Unrecognized access from 24.3.81.207:1214 to UDP port
> 3803 Sat 02 Apr 2005 02:30:50 EST Unrecognized access from
> 24.3.81.207:1214 to UDP port 3803 Sat 02 Apr 2005 02:35:03
> EST Unrecognized access from 24.116.92.62:4998 to UDP port
> 3803 Sat 02 Apr 2005 02:35:06 EST Unrecognized access from
> 24.116.92.62:4998 to UDP port 3803 Sat 02 Apr 2005 02:35:09
> EST Unrecognized access from 24.116.92.62:4998 to UDP port
> 3803 Sat 02 Apr 2005 02:45:27 EST Unrecognized access from
> 24.116.92.62:4998 to UDP port 3803 Sat 02 Apr 2005 02:45:30
> EST Unrecognized access from 24.116.92.62:4998 to UDP port
> 3803 Sat 02 Apr 2005 02:45:33 EST Unrecognized access from
> 24.116.92.62:4998 to UDP port 3803 Sat 02 Apr 2005 02:48:35
> EST Unrecognized access from 24.116.92.62:4998 to UDP port
> 3803 Sat 02 Apr 2005 02:48:38 EST Unrecognized access from
> 24.116.92.62:4998 to UDP port 3803 Sat 02 Apr 2005 02:48:41
> EST Unrecognized access from 24.116.92.62:4998 to UDP port
> 3803 Sat 02 Apr 2005 02:49:48 EST Unrecognized access from
> 24.116.92.62:4998 to UDP port 3803 Sat 02 Apr 2005 02:49:51
> EST Unrecognized access from 24.116.92.62:4998 to UDP port
> 3803 Sat 02 Apr 2005 02:49:53 EST Unrecognized access from
> 24.116.92.62:4998 to UDP port 3803 Sat 02 Apr 2005 02:55:49
> EST Unrecognized access from 24.116.92.62:4998 to UDP port
> 3803 Sat 02 Apr 2005 02:55:53 EST Unrecognized access from
> 24.116.92.62:4998 to UDP port 3803 Sat 02 Apr 2005 02:55:55
> EST Unrecognized access from 24.116.92.62:4998 to UDP port
> 3803 Sat 02 Apr 2005 02:57:42 EST Unrecognized access from
> 24.116.92.62:4998 to UDP port 3803 Sat 02 Apr 2005 02:57:46
> EST Unrecognized access from 24.116.92.62:4998 to UDP port
> 3803 Sat 02 Apr 2005 02:57:49 EST Unrecognized access from
> 24.116.92.62:4998 to UDP port 3803 Sat 02 Apr 2005 02:59:08
> EST Unrecognized access from
> 209.30.250.197:3303 to UDP port 3803
> Sat 02 Apr 2005 02:59:11 EST Unrecognized access from
> 209.30.250.197:3303 to UDP port 3803
> Sat 02 Apr 2005 02:59:14 EST Unrecognized access from
> 209.30.250.197:3303 to UDP port 3803
> Sat 02 Apr 2005 03:03:04 EST Unrecognized access from
> 209.30.250.197:3303 to UDP port 3803
> Sat 02 Apr 2005 03:03:10 EST Unrecognized access from
> 209.30.250.197:3303 to UDP port 3803
> Sat 02 Apr 2005 03:03:13 EST Unrecognized access from
> 209.30.250.197:3303 to UDP port 3803
> Sat 02 Apr 2005 03:06:01 EST Unrecognized access from
> 209.30.250.197:3303 to UDP port 3803
> Sat 02 Apr 2005 03:06:03 EST Unrecognized access from
> 209.30.250.197:3303 to UDP port 3803
> Sat 02 Apr 2005 03:06:06 EST Unrecognized access from
> 209.30.250.197:3303 to UDP port 3803
> Sat 02 Apr 2005 03:07:58 EST Unrecognized access from
> 209.30.250.197:3303 to UDP port 3803
> Sat 02 Apr 2005 03:08:01 EST Unrecognized access from
> 209.30.250.197:3303 to UDP port 3803
> Sat 02 Apr 2005 03:08:04 EST Unrecognized access from
> 209.30.250.197:3303 to UDP port 3803
> Sat 02 Apr 2005 03:09:41 EST Unrecognized access from
> 209.30.250.197:3303 to UDP port 3803
> Sat 02 Apr 2005 03:09:44 EST Unrecognized access from
> 209.30.250.197:3303 to UDP port 3803
> Sat 02 Apr 2005 03:09:47 EST Unrecognized access from
> 209.30.250.197:3303 to UDP port 3803
> Sat 02 Apr 2005 03:11:39 EST Unrecognized access from
> 209.30.250.197:3303 to UDP port 3803
> Sat 02 Apr 2005 03:11:43 EST Unrecognized access from
> 209.30.250.197:3303 to UDP port 3803
> Sat 02 Apr 2005 03:11:45 EST Unrecognized access from
> 209.30.250.197:3303 to UDP port 3803
>
>
>
>
> --
> Michael <blackavar at citizensofgravity.com>
>
> _______________________________________________
> Intrusions mailing list
> Intrusions at lists.sans.org
> http://www.dshield.org/mailman/listinfo/intrusions
>
More information about the Intrusions
mailing list