[Dshield] Road Runner scan

Johannes Ullrich jullrich at euclidian.com
Wed Mar 19 21:25:04 GMT 2003


yes. looks just like it.
http://isc.incidents.org/analysis.html?id=178

On Wed, 19 Mar 2003 16:04:32 -0500
"Paul Marsh" <pmarsh at nmefdn.org> wrote:

> If I remember correctly a few weeks ago there was post regarding Road Runner scanning networks.  I was just reviewing logs and found this.  24.30.199.228 resolves to securityscan.sec.rr.com  Is this the same scan others are seeing?
> 
> 03/19/2003 12:15:08.944 TCP connection dropped 24.30.199.228, 2049, WAN xxx.xxx.xxx.xxx, 81, LAN Type: 81 21 
> 03/19/2003 12:16:13.384 TCP connection dropped 24.30.199.228, 2049, WAN xxx.xxx.xxx.xxx, 1080, LAN 'Socks' 21 
> 03/19/2003 12:17:17.864 TCP connection dropped 24.30.199.228, 2049, WAN xxx.xxx.xxx.xxx, 1180, LAN Type: 118 21 
> 03/19/2003 12:18:22.240 TCP connection dropped 24.30.199.228, 2049, WAN xxx.xxx.xxx.xxx, 3128, LAN Type: 312 21 
> 03/19/2003 12:19:26.608 TCP connection dropped 24.30.199.228, 2049, WAN xxx.xxx.xxx.xxx, 4480, LAN Type: 448 21 
> 03/19/2003 12:20:30.944 TCP connection dropped 24.30.199.228, 2049, WAN xxx.xxx.xxx.xxx, 6588, LAN Type: 658 21 
> 03/19/2003 12:21:35.432 TCP connection dropped 24.30.199.228, 2049, WAN xxx.xxx.xxx.xxx, 8000, LAN Type: 800 21 
> 03/19/2003 12:22:39.784 TCP connection dropped 24.30.199.228, 2049, WAN xxx.xxx.xxx.xxx, 8080, LAN Type: 808 21 
> 03/19/2003 12:23:44.288 TCP connection dropped 24.30.199.228, 2049, WAN xxx.xxx.xxx.xxx, 8081, LAN Type: 808 21 
> 
> Thanx, Paul
> 
> _______________________________________________
> list mailing list
> list at dshield.org
> To change your subscription options (or unsubscribe), see: http://www.dshield.org/mailman/listinfo/list
> 


-- 
--------------------------------------------------------------------
jullrich at euclidian.com             Collaborative Intrusion Detection
                                         join http://www.dshield.org



More information about the list mailing list