[Dshield] BIRCH

John Sage jsage at finchhaven.com
Sun Jun 8 03:11:29 GMT 2003

It's a port scan; noisy, not very subtle, kinda like a shotgun when a
stiletto would do...

On Sat, Jun 07, 2003 at 06:51:11PM -0500, Doug White wrote:
> Anyone now what this is all about?
> This individual attempted to access my computer 455 times
> type,date,time,source,destination,transport,count
> FWIN,2003/06/07,14:12:04,-5:00,,12035,,137,UDP,1
> FWIN,2003/06/07,14:14:22,-5:00,,1168,,1008,TCP
> (flags:S),1
> FWIN,2003/06/07,14:14:22,-5:00,,1169,,1067,TCP
> (flags:S),1
> FWIN,2003/06/07,14:14:22,-5:00,,1170,,1127,TCP
> (flags:S),1
> FWIN,2003/06/07,14:14:22,-5:00,,1171,,1346,TCP
> (flags:S),1

...see http://www.insecure.org/nmap/index.html for one tool to do just
this sort of thing.

- John
"You are in a twisty maze of weblogs, all alike."

See our all-new look! http://www.finchhaven.com/

More information about the list mailing list