[Dshield] Port 38293

Rodney.Meryweather@ctimi.com Rodney.Meryweather at ctimi.com
Wed Jun 11 18:03:00 GMT 2003


All
        Has any one noticed a scan on port 38293 lately. I looked up the 
port and it is one that NAV7 utilizes to call home. This is fine but the 
company does not use NAV and as you can see by the logs the source port 
was 1031 doing a scan off all of our active external interfaces. This scan 
was from a Brazil dsl connection.
 
9Jun2003" "12:37:03" "Drop" "38293" "200.206.139.36" "x.x.173.2" "udp" 
"1031"
9Jun2003" "12:37:03" "Drop" "38293" "200.206.139.36" "x.x.173.3" "udp" 
"1031" 
9Jun2003" "12:37:03" "Drop" "38293" "200.206.139.36" "x.x.173.4" "udp" 
"1031" 
9Jun2003" "12:37:03" "Drop" "38293" "200.206.139.36" "x.x.173.5" "udp" 
"1031" 
9Jun2003" "12:37:03" "Drop" "38293" "200.206.139.36" "x.x.173.12" "udp" 
"1031" 
9Jun2003" "12:37:03" "Drop" "38293" "200.206.139.36" "x.x.173.13" "udp" 
"1031" 
9Jun2003" "12:37:03" "Drop" "38293" "200.206.139.36" "x.x.173.14" "udp" 
"1031" 
9Jun2003" "12:37:03" "Drop" "38293" "200.206.139.36" "x.x.173.15" "udp" 
"1031" 
9Jun2003" "12:37:03" "Drop" "38293" "200.206.139.36" "x.x.173.16" "udp" 
"1031" 
9Jun2003" "12:37:03" "Drop" "38293" "200.206.139.36" "x.x.173.17" "udp" 
"1031" 

Rod Meryweather


More information about the list mailing list