[Dshield] New scanner? -- ports: 12345 + 1243 + 27374

Jon R. Kibler Jon.Kibler at aset.com
Sun Feb 29 18:31:27 GMT 2004


Looks like there may be some new type of worm or port scanner. Just started seeing these combos since 1700 GMT today. Times on these logs are GMT-0500.

Thoughts anyone?

Jon Kibler
-- 
Jon R. Kibler
Chief Technical Officer
A.S.E.T., Inc.
Charleston, SC  USA
(843) 849-8214


> Feb 29 13:06:50 border8215 list 110 denied tcp 213.122.158.a(4378) -> w.x.z.50(12345), 1 packet
> Feb 29 13:08:39 border8215 list 110 denied tcp 213.122.158.a(1226) -> w.x.y.64(12345), 1 packet
> Feb 29 13:08:40 border8215 list 110 denied tcp 213.122.158.a(1235) -> w.x.y.67(12345), 1 packet
> Feb 29 13:08:42 border8215 list 110 denied tcp 213.122.158.a(1228) -> w.x.y.64(1243), 1 packet
> Feb 29 13:08:43 border8215 list 110 denied tcp 213.122.158.a(1259) -> w.x.y.75(12345), 1 packet
> Feb 29 13:08:44 border8215 list 110 denied tcp 213.122.158.a(1242) -> w.x.y.69(27374), 1 packet
> Feb 29 13:08:45 border8215 list 110 denied tcp 213.122.158.a(1278) -> w.x.y.81(27374), 1 packet
> Feb 29 13:08:46 border8215 list 110 denied tcp 213.122.158.a(1262) -> w.x.y.76(12345), 1 packet
> Feb 29 13:08:47 border8215 list 110 denied tcp 213.122.158.a(1270) -> w.x.y.78(1243), 1 packet
> Feb 29 13:08:49 border8215 list 110 denied tcp 213.122.158.a(1229) -> w.x.y.65(12345), 1 packet
> Feb 29 13:08:50 border8215 list 110 denied tcp 213.122.158.a(1236) -> w.x.y.67(27374), 1 packet
> Feb 29 13:08:51 border8215 list 110 denied tcp 213.122.158.a(1293) -> w.x.y.86(27374), 1 packet
> Feb 29 13:08:52 border8215 list 110 denied tcp 213.122.158.a(1253) -> w.x.y.73(12345), 1 packet
> Feb 29 13:08:53 border8215 list 110 denied tcp 213.122.158.a(1264) -> w.x.y.76(1243), 1 packet
> Feb 29 13:08:54 border8215 list 110 denied tcp 213.122.158.a(1273) -> w.x.y.79(1243), 1 packet
> Feb 29 13:08:55 border8215 list 110 denied tcp 213.122.158.a(1281) -> w.x.y.82(27374), 1 packet
> Feb 29 13:08:56 border8215 list 110 denied tcp 213.122.158.a(1289) -> w.x.y.85(12345), 1 packet
> Feb 29 13:08:57 border8215 list 110 denied tcp 213.122.158.a(1297) -> w.x.y.87(1243), 1 packet
> Feb 29 13:08:58 border8215 list 110 denied tcp 213.122.158.a(1305) -> w.x.y.90(27374), 1 packet
> Feb 29 13:08:59 border8215 list 110 denied tcp 213.122.158.a(1313) -> w.x.y.93(12345), 1 packet
> Feb 29 13:09:00 border8215 list 110 denied tcp 213.122.158.a(1320) -> w.x.y.95(27374), 1 packet




==================================================
Filtered by: TRUSTEM.COM's Email Filtering Service
http://www.trustem.com/
No Spam. No Viruses. Just Good Clean Email.



More information about the list mailing list