[Dshield] Attack in 17300 ports!

Purcaru Tudor Stefan stefan.purcaru at cnd-group.ro
Tue Oct 7 20:59:41 GMT 2003


Hey
In this night.. my firewall filtred this port 17300.. and.. block

Look here:

Fpacket: Kuang2theVirus IN=eth0 OUT=
MAC=00:60:b0:a5:bd:55:00:00:cd:03:3d:fb:08:00 SRC=66.31.197.223
DST=80.97.109.34 LEN=48 TOS=0x00 PREC=0x80 TTL=98 ID=55842 DF PROTO=TCP
SPT=2291 DPT=17300 WINDOW=16384 RES=0x00 SYN URGP=0
Fpacket: Kuang2theVirus IN=eth0 OUT=
MAC=00:60:b0:a5:bd:55:00:00:cd:03:3d:fb:08:00 SRC=66.31.197.223
DST=80.97.109.35 LEN=48 TOS=0x00 PREC=0x80 TTL=98 ID=55843 DF PROTO=TCP
SPT=2292 DPT=17300 WINDOW=16384 RES=0x00 SYN URGP=0
Fpacket: Kuang2theVirus IN=eth0 OUT=
MAC=00:60:b0:a5:bd:55:00:00:cd:03:3d:fb:08:00 SRC=66.31.197.223
DST=80.97.109.36 LEN=48 TOS=0x00 PREC=0x80 TTL=98 ID=55844 DF PROTO=TCP
SPT=2293 DPT=17300 WINDOW=16384 RES=0x00 SYN URGP=0
Fpacket: Kuang2theVirus IN=eth0 OUT=
MAC=00:60:b0:a5:bd:55:00:00:cd:03:3d:fb:08:00 SRC=66.31.197.223
DST=80.97.109.37 LEN=48 TOS=0x00 PREC=0x80 TTL=98 ID=55845 DF PROTO=TCP
SPT=2294 DPT=17300 WINDOW=16384 RES=0x00 SYN URGP=0
Fpacket: Kuang2theVirus IN=eth0 OUT=
MAC=00:60:b0:a5:bd:55:00:00:cd:03:3d:fb:08:00 SRC=66.31.197.223
DST=80.97.109.38 LEN=48 TOS=0x00 PREC=0x80 TTL=98 ID=55846 DF PROTO=TCP
SPT=2295 DPT=17300 WINDOW=16384 RES=0x00 SYN URGP=0


worm worm worm ..

Who is owner for this worm ? hmm

-- 
Purcaru Tudor Stefan
Network Administrator

C&D Group Business Tech

Str. Mihail Saulescu Nr.103 Predeal
Tel: +40 724/274587
E-mail: stefan.purcaru at cnd-group.ro
www: http://www.cnd-group.ro




More information about the list mailing list