[Dshield] UDP scans of 18000+ ports

traef06 RAEF traef06 at msn.com
Tue Feb 3 14:57:32 GMT 2004


I realize all these were blocked but I'm trying to learn about what they're 
searching for. Anyone with "useful" information please reply.

I see the source port is 53 and the dest port is in the higher 18100+ range. 
What are looking for?
Also drill down toward the bottom and see that this client started getting 
TCP FIN attempts to high ports.

This firewall has been operational for over a year and these just started 
yesterday.

Thank you in advance for all useful answers.

02/01/2004 08:54:17.352 -	UDP packet dropped -
Source:209.253.113.18, 53, WAN -	Destination:209.254.xxx.yyy, 18153,
WAN -	    Port: 18153 -   Rule 17

02/01/2004 08:55:18.336 -	UDP packet dropped -
Source:209.253.113.2, 53, WAN - 	Destination:209.254.xxx.yyy, 18152,
WAN -	    Port: 18152 -   Rule 17

02/01/2004 09:10:32.720 -	UDP packet dropped -
Source:209.253.113.2, 53, WAN - 	Destination:209.254.xxx.yyy, 18158,
WAN -	    Port: 18158 -   Rule 17

02/01/2004 09:26:01.688 -	UDP packet dropped -
Source:209.253.113.2, 53, WAN - 	Destination:209.254.xxx.yyy, 18182,
WAN -	    Port: 18182 -   Rule 17

02/01/2004 09:41:18.864 -	UDP packet dropped -
Source:209.253.113.2, 53, WAN - 	Destination:209.254.xxx.yyy, 18190,
WAN -	    Port: 18190 -   Rule 17

02/01/2004 09:56:04.112 -	UDP packet dropped -
Source:209.253.113.2, 53, WAN - 	Destination:209.254.xxx.yyy, 18195,
WAN -	    Port: 18195 -   Rule 17

02/01/2004 11:11:15.144 -	UDP packet dropped -
Source:209.253.113.18, 53, WAN -	Destination:209.254.xxx.yyy, 18227,
WAN -	    Port: 18227 -   Rule 17

02/01/2004 11:43:20.128 -	UDP packet dropped -
Source:209.253.113.2, 53, WAN - 	Destination:209.254.xxx.yyy, 18247,
WAN -	    Port: 18247 -   Rule 17

02/01/2004 11:58:34.624 -	UDP packet dropped -
Source:209.253.113.2, 53, WAN - 	Destination:209.254.xxx.yyy, 18294,
WAN -	    Port: 18294 -   Rule 17

02/01/2004 12:13:18.080 -	UDP packet dropped -
Source:209.253.113.18, 53, WAN -	Destination:209.254.xxx.yyy, 18310,
WAN -	    Port: 18310 -   Rule 17

02/01/2004 12:14:25.096 -	UDP packet dropped -
Source:209.253.113.2, 53, WAN - 	Destination:209.254.xxx.yyy, 18306,
WAN -	    Port: 18306 -   Rule 17

02/01/2004 12:28:50.048 -	UDP packet dropped -
Source:209.253.113.18, 53, WAN -	Destination:209.254.xxx.yyy, 18321,
WAN -	    Port: 18321 -   Rule 17

02/01/2004 12:29:53.048 -	UDP packet dropped -
Source:209.253.113.2, 53, WAN - 	Destination:209.254.xxx.yyy, 18317,
WAN -	    Port: 18317 -   Rule 17

02/01/2004 12:45:20.032 -	UDP packet dropped -
Source:209.253.113.2, 53, WAN - 	Destination:209.254.xxx.yyy, 18327,
WAN -	    Port: 18327 -   Rule 17

02/01/2004 13:00:52.160 -	UDP packet dropped -
Source:209.253.113.2, 53, WAN - 	Destination:209.254.xxx.yyy, 18333,
WAN -	    Port: 18333 -   Rule 17

02/01/2004 17:52:15.480 -	UDP packet dropped -
Source:209.253.113.2, 53, WAN - 	Destination:209.254.xxx.yyy, 18486,
WAN -	    Port: 18486 -   Rule 17

02/01/2004 18:07:40.528 -	UDP packet dropped -
Source:209.253.113.2, 53, WAN - 	Destination:209.254.xxx.yyy, 18495,
WAN -	    Port: 18495 -   Rule 17

02/01/2004 18:26:47.496 -	UDP packet dropped -
Source:209.253.113.2, 53, WAN - 	Destination:209.254.xxx.yyy, 18510,
WAN -	    Port: 18510 -   Rule 17

02/01/2004 18:41:30.240 -	UDP packet dropped -
Source:209.253.113.2, 53, WAN - 	Destination:209.254.xxx.yyy, 18522,
WAN -	    Port: 18522 -   Rule 17

02/01/2004 18:57:14.432 -	UDP packet dropped -
Source:209.253.113.18, 53, WAN -	Destination:209.254.xxx.yyy, 18529,
WAN -	    Port: 18529 -   Rule 17

02/01/2004 18:58:20.464 -	UDP packet dropped -
Source:209.253.113.2, 53, WAN - 	Destination:209.254.xxx.yyy, 18525,
WAN -	    Port: 18525 -   Rule 17

02/01/2004 20:07:49.832 -	UDP packet dropped -
Source:209.253.113.2, 53, WAN - 	Destination:209.254.xxx.yyy, 18555,
WAN -	    Port: 18555 -   Rule 17

02/01/2004 20:14:55.464 -	UDP packet dropped -
Source:209.253.113.2, 53, WAN - 	Destination:209.254.xxx.yyy, 18565,
WAN -	    Port: 18565 -   Rule 17

02/01/2004 21:08:15.448 -	UDP packet dropped -
Source:209.253.113.2, 53, WAN - 	Destination:209.254.xxx.yyy, 18594,
WAN -	    Port: 18594 -   Rule 17

02/01/2004 21:16:30.448 -	UDP packet dropped -
Source:209.253.113.2, 53, WAN - 	Destination:209.254.xxx.yyy, 18602,
WAN -	    Port: 18602 -   Rule 17

02/01/2004 21:31:58.416 -	UDP packet dropped -
Source:209.253.113.2, 53, WAN - 	Destination:209.254.xxx.yyy, 18613,
WAN -	    Port: 18613 -   Rule 17

02/02/2004 08:01:38.688 -	UDP packet dropped -
Source:209.253.113.2, 53, WAN - 	Destination:209.254.xxx.yyy, 19040,
WAN -	    Port: 19040 -   Rule 17

02/02/2004 08:01:40.912 -	Possible Port Scan Dropped -
Source:209.253.113.2, 53, WAN - 	Destination:209.254.xxx.yyy, 19064,
WAN -	    UDP scanned port list, 19040, 19054, 19045, 19049, 19047 -

02/02/2004 08:22:33.192 -	UDP packet dropped -
Source:209.253.113.2, 53, WAN - 	Destination:209.254.xxx.yyy, 19536,
WAN -	    Port: 19536 -   Rule 17

02/02/2004 08:28:43.112 -	UDP packet dropped -
Source:209.253.113.2, 53, WAN - 	Destination:209.254.xxx.yyy, 19845,
WAN -	    Port: 19845 -   Rule 17

02/02/2004 08:42:02.896 -	UDP packet dropped -
Source:209.253.113.2, 53, WAN - 	Destination:209.254.xxx.yyy, 20430,
WAN -	    Port: 20430 -   Rule 17

02/02/2004 08:51:30.624 -	UDP packet dropped -
Source:209.253.113.2, 53, WAN - 	Destination:209.254.xxx.yyy, 20467,
WAN -	    Port: 20467 -   Rule 17

02/02/2004 09:07:41.464 -	TCP FIN packet dropped	-
Source:64.124.82.176, 80, WAN - 	Destination:209.254.xxx.yyy, 20825,
WAN -

02/02/2004 09:10:53.608 -	UDP packet dropped -
Source:209.253.113.2, 53, WAN - 	Destination:209.254.xxx.yyy, 20968,
WAN -	    Port: 20968 -   Rule 17

02/02/2004 09:15:29.304 -	TCP FIN packet dropped	-
Source:64.124.82.176, 80, WAN - 	Destination:209.254.xxx.yyy, 20808,
WAN -	     -

02/02/2004 09:40:12.368 -	UDP packet dropped -
Source:209.253.113.2, 53, WAN - 	Destination:209.254.xxx.yyy, 21154,
WAN -	    Port: 21154 -   Rule 17

02/02/2004 09:43:04.672 -	UDP packet dropped -
Source:209.253.113.2, 53, WAN - 	Destination:209.254.xxx.yyy, 21173,
WAN -	    Port: 21173 -   Rule 17

02/02/2004 09:45:09.704 -	UDP packet dropped -
Source:209.253.113.2, 53, WAN - 	Destination:209.254.xxx.yyy, 21261,
WAN -	    Port: 21261 -   Rule 17

02/02/2004 10:16:52.608 -	UDP packet dropped -
Source:209.253.113.2, 53, WAN - 	Destination:209.254.xxx.yyy, 21673,
WAN -	    Port: 21673 -   Rule 17

02/02/2004 10:33:07.640 -	UDP packet dropped -
Source:209.253.113.2, 53, WAN - 	Destination:209.254.xxx.yyy, 28339,
WAN -	    Port: 28339 -   Rule 17

_________________________________________________________________
Learn how to choose, serve, and enjoy wine at Wine @ MSN. 
http://wine.msn.com/




More information about the list mailing list