[Dshield] BIRCH

John Sage jsage at finchhaven.com
Sun Jun 8 03:11:29 GMT 2003


It's a port scan; noisy, not very subtle, kinda like a shotgun when a
stiletto would do...

On Sat, Jun 07, 2003 at 06:51:11PM -0500, Doug White wrote:
> Anyone now what this is all about?
> This individual attempted to access my computer 455 times
> type,date,time,source,destination,transport,count
> FWIN,2003/06/07,14:12:04,-5:00,65.16.166.162,12035,66.139.91.38,137,UDP,1
> FWIN,2003/06/07,14:14:22,-5:00,65.16.166.162,1168,66.139.91.38,1008,TCP
> (flags:S),1
> FWIN,2003/06/07,14:14:22,-5:00,65.16.166.162,1169,66.139.91.38,1067,TCP
> (flags:S),1
> FWIN,2003/06/07,14:14:22,-5:00,65.16.166.162,1170,66.139.91.38,1127,TCP
> (flags:S),1
> FWIN,2003/06/07,14:14:22,-5:00,65.16.166.162,1171,66.139.91.38,1346,TCP
> (flags:S),1
<snip>

...see http://www.insecure.org/nmap/index.html for one tool to do just
this sort of thing.


- John
-- 
"You are in a twisty maze of weblogs, all alike."

See our all-new look! http://www.finchhaven.com/




More information about the list mailing list