[unisog] Scan of port 901/tcp

Dennis Viner Dennis_Viner at kgi.edu
Mon Mar 10 20:12:20 GMT 2003


Our logs also show a scan of port 901 from the same source IP address on two
different days. On March 6th starting at 12:20 PM (PST) there were 83
entries and then again on 3/8 at 4:44 AM there were 2 more entries.

Dennis Viner 
Network and Systems Administrator 
Keck Graduate Institute 
909.607.8594 Phone 

> -----Original Message-----
> From: Anderson Johnston [mailto:andy at umbc.edu]
> Sent: Sunday, March 09, 2003 2:36 PM
> To: unisog at sans.org
> Cc: security at umbc.edu
> Subject: [unisog] Scan of port 901/tcp
> 
> 
> 
> I don't remember seeing this port scanned before.  It's used by SWAT
> (Samba Web Administration Tool).  Has any one else seen these scans?
> 
> 				- Andy Johnston
> 
> 
> Log Excerpt:
> 
> Mar  8 07:37:43 216.47.156.180:3161 -> MY.NET.229.166:901 SYN ******S*
> Mar  8 07:37:43 216.47.156.180:3146 -> MY.NET.229.163:901 SYN ******S*
> Mar  8 07:37:43 216.47.156.180:3166 -> MY.NET.229.167:901 SYN ******S*
> Mar  8 07:37:43 216.47.156.180:3131 -> MY.NET.229.160:901 SYN ******S*
> Mar  8 07:37:44 216.47.156.180:3657 -> MY.NET.229.214:901 SYN ******S*
> Mar  8 07:37:44 216.47.156.180:3662 -> MY.NET.229.215:901 SYN ******S*
> Mar  8 07:37:44 216.47.156.180:3682 -> MY.NET.229.219:901 SYN ******S*
> Mar  8 07:37:44 216.47.156.180:3692 -> MY.NET.229.221:901 SYN ******S*
> Mar  8 07:37:44 216.47.156.180:3732 -> MY.NET.229.229:901 SYN ******S*
> Mar  8 07:37:44 216.47.156.180:3767 -> MY.NET.229.236:901 SYN ******S*
> Mar  8 07:37:44 216.47.156.180:3772 -> MY.NET.229.237:901 SYN ******S*
> 
> 
> --------------------------------------------------------------
> ----------------
> ** Andy Johnston (andy at umbc.edu)          *            pager: 
> 410-678-8949  **
> ** Manager of IT Security                 * PGP key:(afj2000) 
> 1024/F67035E1 **
> ** Office of Information Technology, UMBC *        5D 44 1E 
> 2E A6 7C 91 7A  **
> ** 410-455-2583 (v)/410-455-1065 (f)      *        C4 66 5F 
> D5 BA B9 F6 58  **
> --------------------------------------------------------------
> ----------------
> 



More information about the unisog mailing list