AW: [Dshield] Scans on port 3659?

hluettich Holger.Luettich at t-online.de
Sun Nov 10 19:17:14 GMT 2002


Hi all,

Have a look at http://www.cve.mitre.org/cgi-bin/cvekey.cgi?keyword=3659

The CVE website is also linked at dshield.

Best

Holger

-----Original Message-----
From: list-admin at dshield.org [mailto:list-admin at dshield.org] On Behalf
Of André Costa
Sent: Thursday, 7 November 2002 17:53
To: DShield ML
Subject: [Dshield] Scans on port 3659?


Hi all,

I am new to this list and to firewall maintenance in general, so please
bear with any stupid thing I might say ;) Also, if this is not the right
place for such questions, please apologize and direct me somewhere else.

I have a dual boot machine here at home, with Win2k Pro and RH Linux 7.1
(kernel 2.4.19), connected to a cablemodem. I have Sygate Personal
Firewall on Win2k and iptables on Linux, both seem to be working fine.

For the last two days I've been blocking TCP scans on my port 3659 like
hell. These seem to come from different ports on the same machines as
in: (taken from exported SPF logs)

[snip]
1476    11/07/2002 13:33:16     Blocked TCP     Incoming 200.168.1.105   3950    200.255.184.111 3659            3 11/07/2002 13:32:05     11/07/2002 13:32:14    Block_all
1478    11/07/2002 13:34:02     Blocked TCP     Incoming 200.168.1.105   3992    200.255.184.111 3659            3 11/07/2002 13:32:48     11/07/2002 13:32:57    Block_all
1480    11/07/2002 13:37:28     Blocked TCP     Incoming 200.168.1.105   4069    200.255.184.111 3659            3 11/07/2002 13:36:18     11/07/2002 13:36:27    Block_all
1481    11/07/2002 13:38:09     Blocked TCP     Incoming 200.168.1.105   4095    200.255.184.111 3659            3 11/07/2002 13:36:54     11/07/2002 13:37:03    Block_all
1482    11/07/2002 13:38:29     Blocked TCP     Incoming 200.168.1.105   4117    200.255.184.111 3659            3 11/07/2002 13:37:17     11/07/2002 13:37:26    Block_all
1483    11/07/2002 13:38:50     Blocked TCP     Incoming 200.168.1.105   4139    200.255.184.111 3659            3 11/07/2002 13:37:37     11/07/2002 13:37:46    Block_all
[snip]

But it also comes from different sources as well (many times a day,
sometimes a few minutes apart).

I tried Google for info on recent activity on this port, but found
nothing. No luck here either:
http://www.linuxsecurity.com/resource_files/firewalls/firewall-seen.html

Anybody out there experiencing the same? Should I report it somewhere?

TIA,

Andre
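
An added example, not part of the original posts: a short Python triage of log lines like the ones quoted above, grouping blocked incoming TCP records by source address and destination port so repeated attempts from one host stand out. The column meanings (record id, timestamp, action, protocol, direction, source IP and port, destination IP and port, repeat count, begin and end times, rule) are assumed from the excerpt, and the sample records and addresses are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample, one record per line (documentation address ranges).
SAMPLE = """\
[snip]
1476 11/07/2002 13:33:16 Blocked TCP Incoming 192.0.2.105 3950 198.51.100.111 3659 3 11/07/2002 13:32:05 11/07/2002 13:32:14 Block_all
1478 11/07/2002 13:34:02 Blocked TCP Incoming 192.0.2.105 3992 198.51.100.111 3659 3 11/07/2002 13:32:48 11/07/2002 13:32:57 Block_all
1479 11/07/2002 13:35:10 Blocked TCP Incoming 203.0.113.7 1044 198.51.100.111 3659 3 11/07/2002 13:34:01 11/07/2002 13:34:10 Block_all
1480 11/07/2002 13:37:28 Blocked TCP Incoming 192.0.2.105 4069 198.51.100.111 3659 3 11/07/2002 13:36:18 11/07/2002 13:36:27 Block_all
[snip]
"""

# Assumed column order; everything between the repeat count and the rule is skipped.
RECORD = re.compile(
    r"^(?P<id>\d+)\s+(?P<ts>\d\d/\d\d/\d{4} \d\d:\d\d:\d\d)\s+"
    r"(?P<action>\w+)\s+(?P<proto>\w+)\s+(?P<dir>\w+)\s+"
    r"(?P<src>[\d.]+)\s+(?P<sport>\d+)\s+(?P<dst>[\d.]+)\s+(?P<dport>\d+)\s+"
    r"(?P<count>\d+)\s+.*\s(?P<rule>\S+)$"
)

def parse(text):
    """Yield one dict per blocked incoming record; skip lines that do not match."""
    for line in text.splitlines():
        m = RECORD.match(line.strip())
        if m and m["action"] == "Blocked" and m["dir"] == "Incoming":
            rec = m.groupdict()
            rec["ts"] = datetime.strptime(rec["ts"], "%m/%d/%Y %H:%M:%S")
            yield rec

def summarize(text):
    """Group records by (source IP, destination port)."""
    groups = defaultdict(list)
    for rec in parse(text):
        groups[(rec["src"], int(rec["dport"]))].append(rec)
    return {
        key: {
            "events": len(recs),
            "src_ports": sorted({int(r["sport"]) for r in recs}),
            "first": min(r["ts"] for r in recs),
            "last": max(r["ts"] for r in recs),
        }
        for key, recs in groups.items()
    }

def repeated_sources(text, min_events=3):
    """Return (source IP, destination port) pairs seen at least min_events times."""
    return sorted(k for k, v in summarize(text).items() if v["events"] >= min_events)

if __name__ == "__main__":
    for key, info in summarize(SAMPLE).items():
        print(key, info["events"], info["src_ports"], info["first"], info["last"])
```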

