[Dshield] Dipnet/Oddbob and other interesting scans
Jon Kibler
Jon.Kibler at aset.com
Sat Jun 21 09:16:25 GMT 2008
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi,
I have noticed in recent days a big jump in scans to tcp/15118, which
appears to be dipnet/oddbob scans (based on target port). At the same
time, I am also seeing a big increase in scans to some other interesting
ports:
58648/tcp
58698/tcp
46114/tcp
45602/tcp
and the port pattern:
58[78][12][0-9]/tcp
The dipnet/oddbob scans all originate from a small hand full of IPs
(mostly comcast or *.ru) that hit each IP multiple times, but the other
scans seem to originate mostly from eastern Europe, and usually only
scan an IP a couple of times per source IP.
Anyone else seeing similar scans?
Any idea what is special about the target ports I noted?
TIA!
Jon
- --
Jon R. Kibler
Chief Technical Officer
Advanced Systems Engineering Technology, Inc.
Charleston, SC USA
o: 843-849-8214
c: 843-224-2494
s: 843-564-4224
My PGP Fingerprint is:
BAA2 1F2C 5543 5D25 4636 A392 515C 5045 CF39 4253
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iEYEARECAAYFAkhcxukACgkQUVxQRc85QlNoFgCdGogTN869GYWxMRjsdiVYSrSk
QBsAn2X+T+3OzLcYnVl2n3I7l5Ka/haO
=/Roi
-----END PGP SIGNATURE-----
=========================
Filtered by: TRUSTEM.COM's Email Filtering Service
http://www.trustem.com/
No Spam. No Viruses. Just Good Clean Email.
More information about the list
mailing list