[Dshield] Recent Submission - Possible Firewall Misconfiguration

Bruce & Roma ecarew2531 at rogers.com
Wed Oct 8 02:21:34 GMT 2003


I have a question about one of my recent DShield submissions.

Source IP: 200.239.53.35
Source Port: 4733 & 4734 (twice on each port)
Dest Port: 113

Color coded on DShield as Possible Firewall Misconfiguration

However, when I check the IP Info, there were 11 other submitters
seeing similar activity.  Stats were:

Total Records Against IP: 244
Number of Targets: 11
Date Range: 2003-09-13 to 2003-10-07

Port      Attacks
113       118
25        73
34409     8
35307     6
2002      6
35393     6
1967      6
35412     6
34410     6
2058      6

With a number of DShield submitters seeing similar activity
from the same IP over this period of time, is this really a
"Firewall Misconfiguration"?

The hostname associated with this IP was spliff.pangeia.com.br,
registered to PANGEIA INFORMATICA LTDA in Brazil.


Thanks,

Bruce



