[Dshield] Port 38293

Doug White doug at dwhite.ws
Wed Jun 11 19:16:54 GMT 2003


I am getting the following from a Brazilian IP:

FWIN,2003/06/02,23:08:26,-5:00,200.157.42.51,25201,xx.xx.xx.xx,1080,TCP (flags:S),1
FWIN,2003/06/02,23:08:26,-5:00,200.157.42.51,61021,xx.xx.xx.xx,1075,TCP (flags:S),1
FWIN,2003/06/02,23:08:26,-5:00,200.157.42.51,46419,xx.xx.xx.xx,6588,TCP (flags:S),1
FWIN,2003/06/02,23:08:26,-5:00,200.157.42.51,36602,xx.xx.xx.xx,3128,TCP (flags:S),1
FWIN,2003/06/02,23:08:26,-5:00,200.157.42.51,55235,xx.xx.xx.xx,8080,TCP (flags:S),1
FWIN,2003/06/10,08:02:34,-5:00,200.157.42.51,20937,xx.xx.xx.xx,1080,TCP (flags:S),10
FWIN,2003/06/10,08:02:34,-5:00,200.157.42.51,34790,xx.xx.xx.xx,1075,TCP (flags:S),10
FWIN,2003/06/10,08:02:34,-5:00,200.157.42.51,13980,xx.xx.xx.xx,4588,TCP (flags:S),10
FWIN,2003/06/10,08:02:34,-5:00,200.157.42.51,17096,xx.xx.xx.xx,6588,TCP (flags:S),10
FWIN,2003/06/10,08:02:34,-5:00,200.157.42.51,27967,xx.xx.xx.xx,3128,TCP (flags:S),10
FWIN,2003/06/10,08:02:34,-5:00,200.157.42.51,25788,xx.xx.xx.xx,8080,TCP (flags:S),10


======================================
Stop spam on your domain, use our gateway!
For hosting solutions http://www.clickdoug.com
ISP rated: http://www.forta.com/cf/isp/isp.cfm?isp_id=772
======================================
If you are not satisfied with my service, my job isn't done!

----- Original Message ----- 
From: <Rodney.Meryweather at ctimi.com>
To: <list at dshield.org>
Sent: Wednesday, June 11, 2003 1:03 PM
Subject: [Dshield] Port 38293


| All,
| Has anyone noticed a scan on port 38293 lately? I looked up the
| port and it is one that NAV7 utilizes to call home. This is fine, but the
| company does not use NAV, and as you can see by the logs the source port
| was 1031 doing a scan of all of our active external interfaces. This scan
| was from a Brazil DSL connection.
|
| 9Jun2003" "12:37:03" "Drop" "38293" "200.206.139.36" "x.x.173.2" "udp" "1031"
| 9Jun2003" "12:37:03" "Drop" "38293" "200.206.139.36" "x.x.173.3" "udp" "1031"
| 9Jun2003" "12:37:03" "Drop" "38293" "200.206.139.36" "x.x.173.4" "udp" "1031"
| 9Jun2003" "12:37:03" "Drop" "38293" "200.206.139.36" "x.x.173.5" "udp" "1031"
| 9Jun2003" "12:37:03" "Drop" "38293" "200.206.139.36" "x.x.173.12" "udp" "1031"
| 9Jun2003" "12:37:03" "Drop" "38293" "200.206.139.36" "x.x.173.13" "udp" "1031"
| 9Jun2003" "12:37:03" "Drop" "38293" "200.206.139.36" "x.x.173.14" "udp" "1031"
| 9Jun2003" "12:37:03" "Drop" "38293" "200.206.139.36" "x.x.173.15" "udp" "1031"
| 9Jun2003" "12:37:03" "Drop" "38293" "200.206.139.36" "x.x.173.16" "udp" "1031"
| 9Jun2003" "12:37:03" "Drop" "38293" "200.206.139.36" "x.x.173.17" "udp" "1031"
|
| Rod Meryweather
|
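The two logs in this thread show different probe shapes: one source hitting several ports on a single address, and one source hitting a single port across many addresses. The sketch below is an added example, not code from either poster; it parses both log formats and labels each burst. The sample lines are taken from the thread and embedded with mail-style wrapping and `| ` quoting so the rejoining step is exercised; the function names, the labels, and the threshold of 3 are assumptions.

```python
import re
from collections import defaultdict

# Sample lines taken from the thread, embedded with mail wrapping and "| " quoting.
RAW = '''\
FWIN,2003/06/10,08:02:34,-5:00,200.157.42.51,20937,xx.xx.xx.xx,1080,TCP
(flags:S),10
FWIN,2003/06/10,08:02:34,-5:00,200.157.42.51,34790,xx.xx.xx.xx,1075,TCP
(flags:S),10
FWIN,2003/06/10,08:02:34,-5:00,200.157.42.51,13980,xx.xx.xx.xx,4588,TCP
(flags:S),10
| 9Jun2003" "12:37:03" "Drop" "38293" "200.206.139.36" "x.x.173.2" "udp"
| "1031"
| 9Jun2003" "12:37:03" "Drop" "38293" "200.206.139.36" "x.x.173.3" "udp"
| "1031"
| 9Jun2003" "12:37:03" "Drop" "38293" "200.206.139.36" "x.x.173.4" "udp"
| "1031"
'''

def records(raw):
    """Undo "| " quoting and mail wrapping; '(' or '"' at line start marks a continuation."""
    out = []
    for line in (re.sub(r"^\|\s*", "", l).strip() for l in raw.splitlines()):
        if out and line[:1] in ('(', '"'):
            out[-1] += " " + line
        elif line:
            out.append(line)
    return out

def parse(rec):
    """Return (source, timestamp, destination, destination port) for either format."""
    if rec.startswith("FWIN,"):
        f = rec.split(",")
        return f[4], f"{f[1]} {f[2]}", f[6], int(f[7])
    f = [x.strip('"') for x in rec.split('" "')]
    return f[4], f"{f[0]} {f[1]}", f[5], int(f[3])

def classify(raw, threshold=3):
    """Label each (source, timestamp) burst by how its probes fan out."""
    hosts, ports = defaultdict(set), defaultdict(set)
    for src, ts, dst, dport in map(parse, records(raw)):
        hosts[src, ts].add(dst)
        ports[src, ts].add(dport)
    labels = {}
    for key in hosts:
        many = (len(hosts[key]) >= threshold, len(ports[key]) >= threshold)
        labels[key] = {(False, True): "port scan", (True, False): "host sweep",
                       (True, True): "block scan"}.get(many, "unclassified")
    return labels
```

The continuation rule relies on the quoted drop log starting each record with a bare date rather than a quote character, as it does in this thread.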



