[Dshield] Dipnet/Oddbob and other interesting scans

freebase69 at hotmail.com freebase69 at hotmail.com
Sat Jun 21 21:12:17 GMT 2008 

Nothing special about the ports that I can think of. Ill have to investigate to see if we are seeing the same thing.

Sorry I don't have any more info at this time. If anyone else is seeing increased activity please fill in the gaps.

Thanks.

Sent from my BlackBerry® smartphone with SprintSpeed

-----Original Message-----
From: Jon Kibler <Jon.Kibler at aset.com>

Date: Sat, 21 Jun 2008 05:16:25 
To:list at lists.dshield.org
Subject: [Dshield] Dipnet/Oddbob and other interesting scans


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

I have noticed in recent days a big jump in scans to tcp/15118, which
appears to be dipnet/oddbob scans (based on target port). At the same
time, I am also seeing a big increase in scans to some other interesting
ports:
   58648/tcp
   58698/tcp
   46114/tcp
   45602/tcp
and the port pattern:
   58[78][12][0-9]/tcp

The dipnet/oddbob scans all originate from a small hand full of IPs
(mostly comcast or *.ru) that hit each IP multiple times, but the other
scans seem to originate mostly from eastern Europe, and usually only
scan an IP a couple of times per source IP.

Anyone else seeing similar scans?

Any idea what is special about the target ports I noted?

TIA!

Jon
- --
Jon R. Kibler
Chief Technical Officer
Advanced Systems Engineering Technology, Inc.
Charleston, SC  USA
o: 843-849-8214
c: 843-224-2494
s: 843-564-4224

My PGP Fingerprint is:
BAA2 1F2C 5543 5D25 4636 A392 515C 5045 CF39 4253


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkhcxukACgkQUVxQRc85QlNoFgCdGogTN869GYWxMRjsdiVYSrSk
QBsAn2X+T+3OzLcYnVl2n3I7l5Ka/haO
=/Roi
-----END PGP SIGNATURE-----




==================================================
Filtered by: TRUSTEM.COM's Email Filtering Service
http://www.trustem.com/
No Spam. No Viruses. Just Good Clean Email.


_________________________________________
SANSFIRE !! The Internet Storm Center Conference
http://www.sans.org/sansfire08/

More information about the list mailing list