[Dshield] Weird Unknown Traffic Directed @ tcp/6588

Randall Gillespie randallg at cavalry.net
Mon Mar 25 06:46:52 GMT 2002


I have received about 150 alerts from this and have been attempting to use all
my resources before posting this, but has anyone else seen this type of scan?
(I have A LOT more where this came from.) It started with a simple proxy scan
to 1080 and has gradually grown over 2 days, as if the attacker has returned.
Any assistance would be greatly appreciated. Mostly concerned with the
attempts @ 6588, since I have NO idea what that could be.

Thanks in advance

Randall Gillespie
Information Security Administrator
Metromedia Fiber Network
Cisco Certified Network Associate

Mar 22 07:07:03 65.16.184.131:2061 -> 216.XXX.XXX.165:21 SYN ******S*
Mar 22 07:07:03 65.16.184.131:2062 -> 216.XXX.XXX.165:25 SYN ******S*
Mar 22 07:07:03 65.16.184.131:2063 -> 216.XXX.XXX.165:80 SYN ******S*
Mar 22 07:07:03 65.16.184.131:2064 -> 216.XXX.XXX.165:110 SYN ******S*
Mar 22 07:07:04 65.16.184.131:2051 -> 216.XXX.XXX.163:119 SYN ******S*
Mar 22 07:07:04 65.16.184.131:2052 -> 216.XXX.XXX.163:1080 SYN ******S*
Mar 22 07:07:04 65.16.184.131:2053 -> 216.XXX.XXX.163:6588 SYN ******S*




