[Dshield] port scans 32769 to 33718

Barton L. Phillips admin at bartonphillips.com
Fri Dec 26 17:44:28 GMT 2003


Here is a summary from the DShield report:

Port Scanners
=============

    source     | Ports Scanned | Host Name
---------------+---------------+------------
 198.137.254.71|         470   | panther.misty.com
   66.250.40.33|         396   | clapton.quatro.com
  152.20.240.35|         373   | dcc.uncw.edu
   212.95.66.23|         373   | publix.sdv.fr
 194.85.132.210|         373   | univac.spamcheck.net
 206.169.162.65|         373   | 
  137.118.60.88|         373   | dccpub1.neonova.net
 209.157.153.22|         373   | dcc.meer.net
  38.144.80.234|         371   | dcc.servercave.com
207.195.195.223|         371   | dcc3.sihope.com
  153.19.44.252|         366   | diamond.ely.pg.gda.pl
  80.190.230.71|         364   | 
 24.145.146.160|           2   | user-0c934l0.cable.mindspring.com

All the scans are UDP from 32769 through 33718. 
I have gotten more today. This just started. Up until yesterday I have never seen these scans. I do occasionally get scanned but not this range and from so many different IP addresses during one day. I suspect this must be some organized search. Most likely a worm or trojan. Has no one else seen this during the last couple of days?



-- 
----------------
Barton L. Phillips
Applied Technology Resources, Inc.
Tel: (818)652-9850
Web: http://www.applitec.com





More information about the list mailing list