[Dshield] Port 7965?

jayjwa jayjwa at atr2.ath.cx
Thu Jan 1 04:53:39 GMT 2004


I noticed this (see attachment) at about 15 minutes to midnight, tons of
attempts to connect to port 7965. As far as I can tell, that's not a known
trojan port, or is it? Any idea why this host wants so badly to connect?
My fw blocked it, and I've since banned that host by IP, but this
just seems too odd, being that I've never had anything to do with that
host. It's running an ftp, http, mysql, and mail server. I briefly checked
the website using lynx and it seems to be some kind of ad. 5 minutes later
and it's generating tons of blocked host violations.

[jayjwa]


-------------- next part --------------
Connection attempt (UNPRIV): IN=ppp0 OUT= MAC= SRC=209.249.6.19 DST=65.173.233.92 LEN=60 TOS=0x00 PREC=0x00 TTL=53 ID=34108 DF PROTO=TCP SPT=48652 DPT=7965 WINDOW=5840 RES=0x00 SYN URGP=0 
Connection attempt (UNPRIV): IN=ppp0 OUT= MAC= SRC=209.249.6.19 DST=65.173.233.92 LEN=60 TOS=0x00 PREC=0x00 TTL=53 ID=62246 DF PROTO=TCP SPT=58180 DPT=7965 WINDOW=5840 RES=0x00 SYN URGP=0 
Connection attempt (UNPRIV): IN=ppp0 OUT= MAC= SRC=209.249.6.19 DST=65.173.233.92 LEN=60 TOS=0x00 PREC=0x00 TTL=53 ID=63070 DF PROTO=TCP SPT=37104 DPT=7965 WINDOW=5840 RES=0x00 SYN URGP=0 
Connection attempt (UNPRIV): IN=ppp0 OUT= MAC= SRC=209.249.6.19 DST=65.173.233.92 LEN=60 TOS=0x00 PREC=0x00 TTL=53 ID=50298 DF PROTO=TCP SPT=46573 DPT=7965 WINDOW=5840 RES=0x00 SYN URGP=0 
Connection attempt (UNPRIV): IN=ppp0 OUT= MAC= SRC=209.249.6.19 DST=65.173.233.92 LEN=60 TOS=0x00 PREC=0x00 TTL=53 ID=58190 DF PROTO=TCP SPT=53688 DPT=7965 WINDOW=5840 RES=0x00 SYN URGP=0 
Connection attempt (UNPRIV): IN=ppp0 OUT= MAC= SRC=209.249.6.19 DST=65.173.233.92 LEN=60 TOS=0x00 PREC=0x00 TTL=53 ID=8761 DF PROTO=TCP SPT=34849 DPT=7965 WINDOW=5840 RES=0x00 SYN URGP=0 
Connection attempt (UNPRIV): IN=ppp0 OUT= MAC= SRC=209.249.6.19 DST=65.173.233.92 LEN=60 TOS=0x00 PREC=0x00 TTL=53 ID=54901 DF PROTO=TCP SPT=41923 DPT=7965 WINDOW=5840 RES=0x00 SYN URGP=0 
Connection attempt (UNPRIV): IN=ppp0 OUT= MAC= SRC=209.249.6.19 DST=65.173.233.92 LEN=60 TOS=0x00 PREC=0x00 TTL=53 ID=7259 DF PROTO=TCP SPT=51253 DPT=7965 WINDOW=5840 RES=0x00 SYN URGP=0 
Connection attempt (UNPRIV): IN=ppp0 OUT= MAC= SRC=209.249.6.19 DST=65.173.233.92 LEN=60 TOS=0x00 PREC=0x00 TTL=53 ID=8239 DF PROTO=TCP SPT=58300 DPT=7965 WINDOW=5840 RES=0x00 SYN URGP=0 
Connection attempt (UNPRIV): IN=ppp0 OUT= MAC= SRC=209.249.6.19 DST=65.173.233.92 LEN=60 TOS=0x00 PREC=0x00 TTL=53 ID=42052 DF PROTO=TCP SPT=39350 DPT=7965 WINDOW=5840 RES=0x00 SYN URGP=0 
Connection attempt (UNPRIV): IN=ppp0 OUT= MAC= SRC=209.249.6.19 DST=65.173.233.92 LEN=60 TOS=0x00 PREC=0x00 TTL=53 ID=35500 DF PROTO=TCP SPT=46372 DPT=7965 WINDOW=5840 RES=0x00 SYN URGP=0 
Connection attempt (UNPRIV): IN=ppp0 OUT= MAC= SRC=209.249.6.19 DST=65.173.233.92 LEN=60 TOS=0x00 PREC=0x00 TTL=53 ID=15796 DF PROTO=TCP SPT=55620 DPT=7965 WINDOW=5840 RES=0x00 SYN URGP=0 
Connection attempt (UNPRIV): IN=ppp0 OUT= MAC= SRC=209.249.6.19 DST=65.173.233.92 LEN=60 TOS=0x00 PREC=0x00 TTL=53 ID=22723 DF PROTO=TCP SPT=34391 DPT=7965 WINDOW=5840 RES=0x00 SYN URGP=0 
Connection attempt (UNPRIV): IN=ppp0 OUT= MAC= SRC=209.249.6.19 DST=65.173.233.92 LEN=60 TOS=0x00 PREC=0x00 TTL=53 ID=33185 DF PROTO=TCP SPT=43590 DPT=7965 WINDOW=5840 RES=0x00 SYN URGP=0 
Connection attempt (UNPRIV): IN=ppp0 OUT= MAC= SRC=209.249.6.19 DST=65.173.233.92 LEN=60 TOS=0x00 PREC=0x00 TTL=53 ID=1208 DF PROTO=TCP SPT=50564 DPT=7965 WINDOW=5840 RES=0x00 SYN URGP=0 
Connection attempt (UNPRIV): IN=ppp0 OUT= MAC= SRC=209.249.6.19 DST=65.173.233.92 LEN=60 TOS=0x00 PREC=0x00 TTL=53 ID=65365 DF PROTO=TCP SPT=59735 DPT=7965 WINDOW=5840 RES=0x00 SYN URGP=0 
Connection attempt (UNPRIV): IN=ppp0 OUT= MAC= SRC=209.249.6.19 DST=65.173.233.92 LEN=60 TOS=0x00 PREC=0x00 TTL=53 ID=46383 DF PROTO=TCP SPT=38469 DPT=7965 WINDOW=5840 RES=0x00 SYN URGP=0 
Connection attempt (UNPRIV): IN=ppp0 OUT= MAC= SRC=209.249.6.19 DST=65.173.233.92 LEN=60 TOS=0x00 PREC=0x00 TTL=53 ID=8021 DF PROTO=TCP SPT=47591 DPT=7965 WINDOW=5840 RES=0x00 SYN URGP=0 
Connection attempt (UNPRIV): IN=ppp0 OUT= MAC= SRC=209.249.6.19 DST=65.173.233.92 LEN=60 TOS=0x00 PREC=0x00 TTL=53 ID=20071 DF PROTO=TCP SPT=54531 DPT=7965 WINDOW=5840 RES=0x00 SYN URGP=0 
Connection attempt (UNPRIV): IN=ppp0 OUT= MAC= SRC=209.249.6.19 DST=65.173.233.92 LEN=60 TOS=0x00 PREC=0x00 TTL=53 ID=29313 DF PROTO=TCP SPT=35398 DPT=7965 WINDOW=5840 RES=0x00 SYN URGP=0 
Connection attempt (UNPRIV): IN=ppp0 OUT= MAC= SRC=209.249.6.19 DST=65.173.233.92 LEN=60 TOS=0x00 PREC=0x00 TTL=53 ID=33603 DF PROTO=TCP SPT=42326 DPT=7965 WINDOW=5840 RES=0x00 SYN URGP=0 
Connection attempt (UNPRIV): IN=ppp0 OUT= MAC= SRC=209.249.6.19 DST=65.173.233.92 LEN=60 TOS=0x00 PREC=0x00 TTL=53 ID=64176 DF PROTO=TCP SPT=51394 DPT=7965 WINDOW=5840 RES=0x00 SYN URGP=0 
Connection attempt (UNPRIV): IN=ppp0 OUT= MAC= SRC=209.249.6.19 DST=65.173.233.92 LEN=60 TOS=0x00 PREC=0x00 TTL=53 ID=20708 DF PROTO=TCP SPT=58305 DPT=7965 WINDOW=5840 RES=0x00 SYN URGP=0 
Connection attempt (UNPRIV): IN=ppp0 OUT= MAC= SRC=209.249.6.19 DST=65.173.233.92 LEN=60 TOS=0x00 PREC=0x00 TTL=53 ID=64601 DF PROTO=TCP SPT=39127 DPT=7965 WINDOW=5840 RES=0x00 SYN URGP=0 
Connection attempt (UNPRIV): IN=ppp0 OUT= MAC= SRC=209.249.6.19 DST=65.173.233.92 LEN=60 TOS=0x00 PREC=0x00 TTL=53 ID=46885 DF PROTO=TCP SPT=46017 DPT=7965 WINDOW=5840 RES=0x00 SYN URGP=0 
Connection attempt (UNPRIV): IN=ppp0 OUT= MAC= SRC=209.249.6.19 DST=65.173.233.92 LEN=60 TOS=0x00 PREC=0x00 TTL=53 ID=14850 DF PROTO=TCP SPT=55033 DPT=7965 WINDOW=5840 RES=0x00 SYN URGP=0 
Connection attempt (UNPRIV): IN=ppp0 OUT= MAC= SRC=209.249.6.19 DST=65.173.233.92 LEN=60 TOS=0x00 PREC=0x00 TTL=53 ID=57964 DF PROTO=TCP SPT=33675 DPT=7965 WINDOW=5840 RES=0x00 SYN URGP=0 
Connection attempt (UNPRIV): IN=ppp0 OUT= MAC= SRC=209.249.6.19 DST=65.173.233.92 LEN=60 TOS=0x00 PREC=0x00 TTL=53 ID=44705 DF PROTO=TCP SPT=42671 DPT=7965 WINDOW=5840 RES=0x00 SYN URGP=0 
Connection attempt (UNPRIV): IN=ppp0 OUT= MAC= SRC=209.249.6.19 DST=65.173.233.92 LEN=60 TOS=0x00 PREC=0x00 TTL=53 ID=61837 DF PROTO=TCP SPT=49546 DPT=7965 WINDOW=5840 RES=0x00 SYN URGP=0 
Connection attempt (UNPRIV): IN=ppp0 OUT= MAC= SRC=209.249.6.19 DST=65.173.233.92 LEN=60 TOS=0x00 PREC=0x00 TTL=53 ID=56613 DF PROTO=TCP SPT=58508 DPT=7965 WINDOW=5840 RES=0x00 SYN URGP=0 
Connection attempt (UNPRIV): IN=ppp0 OUT= MAC= SRC=209.249.6.19 DST=65.173.233.92 LEN=60 TOS=0x00 PREC=0x00 TTL=53 ID=63642 DF PROTO=TCP SPT=37128 DPT=7965 WINDOW=5840 RES=0x00 SYN URGP=0 
Connection attempt (UNPRIV): IN=ppp0 OUT= MAC= SRC=209.249.6.19 DST=65.173.233.92 LEN=60 TOS=0x00 PREC=0x00 TTL=53 ID=10566 DF PROTO=TCP SPT=46074 DPT=7965 WINDOW=5840 RES=0x00 SYN URGP=0 
Connection attempt (UNPRIV): IN=ppp0 OUT= MAC= SRC=209.249.6.19 DST=65.173.233.92 LEN=60 TOS=0x00 PREC=0x00 TTL=53 ID=19769 DF PROTO=TCP SPT=52933 DPT=7965 WINDOW=5840 RES=0x00 SYN URGP=0 
Connection attempt (UNPRIV): IN=ppp0 OUT= MAC= SRC=209.249.6.19 DST=65.173.233.92 LEN=60 TOS=0x00 PREC=0x00 TTL=53 ID=33784 DF PROTO=TCP SPT=33632 DPT=7965 WINDOW=5840 RES=0x00 SYN URGP=0 
Connection attempt (UNPRIV): IN=ppp0 OUT= MAC= SRC=209.249.6.19 DST=65.173.233.92 LEN=60 TOS=0x00 PREC=0x00 TTL=53 ID=40339 DF PROTO=TCP SPT=40458 DPT=7965 WINDOW=5840 RES=0x00 SYN URGP=0 
Connection attempt (UNPRIV): IN=ppp0 OUT= MAC= SRC=209.249.6.19 DST=65.173.233.92 LEN=60 TOS=0x00 PREC=0x00 TTL=53 ID=61512 DF PROTO=TCP SPT=49361 DPT=7965 WINDOW=5840 RES=0x00 SYN URGP=0 
Connection attempt (UNPRIV): IN=ppp0 OUT= MAC= SRC=209.249.6.19 DST=65.173.233.92 LEN=60 TOS=0x00 PREC=0x00 TTL=53 ID=48049 DF PROTO=TCP SPT=56196 DPT=7965 WINDOW=5840 RES=0x00 SYN URGP=0 
Connection attempt (UNPRIV): IN=ppp0 OUT= MAC= SRC=209.249.6.19 DST=65.173.233.92 LEN=60 TOS=0x00 PREC=0x00 TTL=53 ID=48476 DF PROTO=TCP SPT=36868 DPT=7965 WINDOW=5840 RES=0x00 SYN URGP=0 
Connection attempt (UNPRIV): IN=ppp0 OUT= MAC= SRC=209.249.6.19 DST=65.173.233.92 LEN=60 TOS=0x00 PREC=0x00 TTL=53 ID=53194 DF PROTO=TCP SPT=43685 DPT=7965 WINDOW=5840 RES=0x00 SYN URGP=0 
Connection attempt (UNPRIV): IN=ppp0 OUT= MAC= SRC=209.249.6.19 DST=65.173.233.92 LEN=60 TOS=0x00 PREC=0x00 TTL=53 ID=46985 DF PROTO=TCP SPT=52557 DPT=7965 WINDOW=5840 RES=0x00 SYN URGP=0 
Connection attempt (UNPRIV): IN=ppp0 OUT= MAC= SRC=209.249.6.19 DST=65.173.233.92 LEN=60 TOS=0x00 PREC=0x00 TTL=53 ID=63571 DF PROTO=TCP SPT=59364 DPT=7965 WINDOW=5840 RES=0x00 SYN URGP=0 
Connection attempt (UNPRIV): IN=ppp0 OUT= MAC= SRC=209.249.6.19 DST=65.173.233.92 LEN=60 TOS=0x00 PREC=0x00 TTL=53 ID=34577 DF PROTO=TCP SPT=39962 DPT=7965 WINDOW=5840 RES=0x00 SYN URGP=0 
Connection attempt (UNPRIV): IN=ppp0 OUT= MAC= SRC=209.249.6.19 DST=65.173.233.92 LEN=60 TOS=0x00 PREC=0x00 TTL=53 ID=46205 DF PROTO=TCP SPT=46759 DPT=7965 WINDOW=5840 RES=0x00 SYN URGP=0 
Connection attempt (UNPRIV): IN=ppp0 OUT= MAC= SRC=209.249.6.19 DST=65.173.233.92 LEN=60 TOS=0x00 PREC=0x00 TTL=53 ID=6101 DF PROTO=TCP SPT=55563 DPT=7965 WINDOW=5840 RES=0x00 SYN URGP=0 
Connection attempt (UNPRIV): IN=ppp0 OUT= MAC= SRC=209.249.6.19 DST=65.173.233.92 LEN=60 TOS=0x00 PREC=0x00 TTL=53 ID=31012 DF PROTO=TCP SPT=34110 DPT=7965 WINDOW=5840 RES=0x00 SYN URGP=0 
Connection attempt (UNPRIV): IN=ppp0 OUT= MAC= SRC=209.249.6.19 DST=65.173.233.92 LEN=60 TOS=0x00 PREC=0x00 TTL=53 ID=27653 DF PROTO=TCP SPT=42911 DPT=7965 WINDOW=5840 RES=0x00 SYN URGP=0 
Connection attempt (UNPRIV): IN=ppp0 OUT= MAC= SRC=209.249.6.19 DST=65.173.233.92 LEN=60 TOS=0x00 PREC=0x00 TTL=53 ID=27929 DF PROTO=TCP SPT=49684 DPT=7965 WINDOW=5840 RES=0x00 SYN URGP=0 
Connection attempt (UNPRIV): IN=ppp0 OUT= MAC= SRC=209.249.6.19 DST=65.173.233.92 LEN=60 TOS=0x00 PREC=0x00 TTL=53 ID=49235 DF PROTO=TCP SPT=58465 DPT=7965 WINDOW=5840 RES=0x00 SYN URGP=0 
Connection attempt (UNPRIV): IN=ppp0 OUT= MAC= SRC=209.249.6.19 DST=65.173.233.92 LEN=60 TOS=0x00 PREC=0x00 TTL=53 ID=21716 DF PROTO=TCP SPT=37018 DPT=7965 WINDOW=5840 RES=0x00 SYN URGP=0 
Connection attempt (UNPRIV): IN=ppp0 OUT= MAC= SRC=209.249.6.19 DST=65.173.233.92 LEN=60 TOS=0x00 PREC=0x00 TTL=53 ID=18459 DF PROTO=TCP SPT=45756 DPT=7965 WINDOW=5840 RES=0x00 SYN URGP=0 
Connection attempt (UNPRIV): IN=ppp0 OUT= MAC= SRC=209.249.6.19 DST=65.173.233.92 LEN=60 TOS=0x00 PREC=0x00 TTL=53 ID=55687 DF PROTO=TCP SPT=52513 DPT=7965 WINDOW=5840 RES=0x00 SYN URGP=0 
Connection attempt (UNPRIV): IN=ppp0 OUT= MAC= SRC=209.249.6.19 DST=65.173.233.92 LEN=60 TOS=0x00 PREC=0x00 TTL=53 ID=41183 DF PROTO=TCP SPT=33024 DPT=7965 WINDOW=5840 RES=0x00 SYN URGP=0 
Connection attempt (UNPRIV): IN=ppp0 OUT= MAC= SRC=209.249.6.19 DST=65.173.233.92 LEN=60 TOS=0x00 PREC=0x00 TTL=53 ID=9098 DF PROTO=TCP SPT=39787 DPT=7965 WINDOW=5840 RES=0x00 SYN URGP=0 
Connection attempt (UNPRIV): IN=ppp0 OUT= MAC= SRC=209.249.6.19 DST=65.173.233.92 LEN=60 TOS=0x00 PREC=0x00 TTL=53 ID=33134 DF PROTO=TCP SPT=48497 DPT=7965 WINDOW=5840 RES=0x00 SYN URGP=0 
Connection attempt (UNPRIV): IN=ppp0 OUT= MAC= SRC=209.249.6.19 DST=65.173.233.92 LEN=60 TOS=0x00 PREC=0x00 TTL=53 ID=17807 DF PROTO=TCP SPT=55256 DPT=7965 WINDOW=5840 RES=0x00 SYN URGP=0 
Connection attempt (UNPRIV): IN=ppp0 OUT= MAC= SRC=209.249.6.19 DST=65.173.233.92 LEN=60 TOS=0x00 PREC=0x00 TTL=53 ID=8837 DF PROTO=TCP SPT=35719 DPT=7965 WINDOW=5840 RES=0x00 SYN URGP=0 
Connection attempt (UNPRIV): IN=ppp0 OUT= MAC= SRC=209.249.6.19 DST=65.173.233.92 LEN=60 TOS=0x00 PREC=0x00 TTL=53 ID=54156 DF PROTO=TCP SPT=42450 DPT=7965 WINDOW=5840 RES=0x00 SYN URGP=0 
Connection attempt (UNPRIV): IN=ppp0 OUT= MAC= SRC=209.249.6.19 DST=65.173.233.92 LEN=60 TOS=0x00 PREC=0x00 TTL=53 ID=28552 DF PROTO=TCP SPT=51155 DPT=7965 WINDOW=5840 RES=0x00 SYN URGP=0 
Connection attempt (UNPRIV): IN=ppp0 OUT= MAC= SRC=209.249.6.19 DST=65.173.233.92 LEN=60 TOS=0x00 PREC=0x00 TTL=53 ID=42561 DF PROTO=TCP SPT=57907 DPT=7965 WINDOW=5840 RES=0x00 SYN URGP=0 
Connection attempt (UNPRIV): IN=ppp0 OUT= MAC= SRC=209.249.6.19 DST=65.173.233.92 LEN=60 TOS=0x00 PREC=0x00 TTL=53 ID=21334 DF PROTO=TCP SPT=38336 DPT=7965 WINDOW=5840 RES=0x00 SYN URGP=0 
Connection attempt (UNPRIV): IN=ppp0 OUT= MAC= SRC=209.249.6.19 DST=65.173.233.92 LEN=60 TOS=0x00 PREC=0x00 TTL=53 ID=6870 DF PROTO=TCP SPT=45075 DPT=7965 WINDOW=5840 RES=0x00 SYN URGP=0 
Connection attempt (UNPRIV): IN=ppp0 OUT= MAC= SRC=209.249.6.19 DST=65.173.233.92 LEN=60 TOS=0x00 PREC=0x00 TTL=53 ID=44922 DF PROTO=TCP SPT=53733 DPT=7965 WINDOW=5840 RES=0x00 SYN URGP=0 
Connection attempt (UNPRIV): IN=ppp0 OUT= MAC= SRC=209.249.6.19 DST=65.173.233.92 LEN=60 TOS=0x00 PREC=0x00 TTL=53 ID=16824 DF PROTO=TCP SPT=60448 DPT=7965 WINDOW=5840 RES=0x00 SYN URGP=0 
Connection attempt (UNPRIV): IN=ppp0 OUT= MAC= SRC=209.249.6.19 DST=65.173.233.92 LEN=60 TOS=0x00 PREC=0x00 TTL=53 ID=2657 DF PROTO=TCP SPT=40859 DPT=7965 WINDOW=5840 RES=0x00 SYN URGP=0 
Connection attempt (UNPRIV): IN=ppp0 OUT= MAC= SRC=209.249.6.19 DST=65.173.233.92 LEN=60 TOS=0x00 PREC=0x00 TTL=53 ID=40506 DF PROTO=TCP SPT=47569 DPT=7965 WINDOW=5840 RES=0x00 SYN URGP=0 
Stealth scan (UNPRIV)?: IN=ppp0 OUT= MAC= SRC=209.249.6.19 DST=65.173.233.92 LEN=40 TOS=0x00 PREC=0x00 TTL=53 ID=0 DF PROTO=TCP SPT=9 DPT=56040 WINDOW=0 RES=0x00 RST URGP=0 
Stealth scan (UNPRIV)?: IN=ppp0 OUT= MAC= SRC=209.249.6.19 DST=65.173.233.92 LEN=40 TOS=0x00 PREC=0x00 TTL=53 ID=0 DF PROTO=TCP SPT=1 DPT=56041 WINDOW=0 RES=0x00 ACK RST URGP=0 
Stealth scan (UNPRIV)?: IN=ppp0 OUT= MAC= SRC=209.249.6.19 DST=65.173.233.92 LEN=40 TOS=0x00 PREC=0x00 TTL=53 ID=0 DF PROTO=TCP SPT=1 DPT=56042 WINDOW=0 RES=0x00 RST URGP=0 
Stealth scan (UNPRIV)?: IN=ppp0 OUT= MAC= SRC=209.249.6.19 DST=65.173.233.92 LEN=40 TOS=0x00 PREC=0x00 TTL=53 ID=0 DF PROTO=TCP SPT=1 DPT=56043 WINDOW=0 RES=0x00 ACK RST URGP=0 
Connection attempt (UNPRIV): IN=ppp0 OUT= MAC= SRC=209.249.6.19 DST=65.173.233.92 LEN=60 TOS=0x00 PREC=0x00 TTL=53 ID=35410 DF PROTO=TCP SPT=56198 DPT=7965 WINDOW=5840 RES=0x00 SYN URGP=0 
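
Added example, not part of the original post or its attachment: one way to triage log lines in the attachment's netfilter format, separating bare SYNs (connection attempts, counted by distinct source port) from RST segments (replies, which cannot open a connection). The names parse and triage are hypothetical, and the sample input is five lines copied from the attachment.

```python
import re
from collections import defaultdict

# Sample input: five lines copied from the attachment above (3 SYN, 2 RST).
SAMPLE = """\
Connection attempt (UNPRIV): IN=ppp0 OUT= MAC= SRC=209.249.6.19 DST=65.173.233.92 LEN=60 TOS=0x00 PREC=0x00 TTL=53 ID=34108 DF PROTO=TCP SPT=48652 DPT=7965 WINDOW=5840 RES=0x00 SYN URGP=0
Connection attempt (UNPRIV): IN=ppp0 OUT= MAC= SRC=209.249.6.19 DST=65.173.233.92 LEN=60 TOS=0x00 PREC=0x00 TTL=53 ID=62246 DF PROTO=TCP SPT=58180 DPT=7965 WINDOW=5840 RES=0x00 SYN URGP=0
Connection attempt (UNPRIV): IN=ppp0 OUT= MAC= SRC=209.249.6.19 DST=65.173.233.92 LEN=60 TOS=0x00 PREC=0x00 TTL=53 ID=63070 DF PROTO=TCP SPT=37104 DPT=7965 WINDOW=5840 RES=0x00 SYN URGP=0
Stealth scan (UNPRIV)?: IN=ppp0 OUT= MAC= SRC=209.249.6.19 DST=65.173.233.92 LEN=40 TOS=0x00 PREC=0x00 TTL=53 ID=0 DF PROTO=TCP SPT=9 DPT=56040 WINDOW=0 RES=0x00 RST URGP=0
Stealth scan (UNPRIV)?: IN=ppp0 OUT= MAC= SRC=209.249.6.19 DST=65.173.233.92 LEN=40 TOS=0x00 PREC=0x00 TTL=53 ID=0 DF PROTO=TCP SPT=1 DPT=56041 WINDOW=0 RES=0x00 ACK RST URGP=0
"""

KV = re.compile(r"(\w+)=(\S*)")
TCP_FLAGS = {"SYN", "ACK", "RST", "FIN", "PSH", "URG"}


def parse(line):
    """Split one netfilter LOG line into key=value fields and its TCP flag set."""
    _, _, body = line.partition(": ")  # drop the rule's log prefix
    fields = dict(KV.findall(body))
    fields["FLAGS"] = frozenset(tok for tok in body.split() if tok in TCP_FLAGS)
    return fields


def triage(text):
    """Per source: distinct SYN source ports per destination port, and RST count."""
    syn = defaultdict(lambda: defaultdict(set))
    rst = defaultdict(int)
    for line in text.splitlines():
        f = parse(line)
        if f.get("PROTO") != "TCP":
            continue
        if f["FLAGS"] == {"SYN"}:
            # Bare SYN: an attempt to open a connection. A different SPT on each
            # one means separate attempts, not retransmissions of one SYN.
            syn[f["SRC"]][int(f["DPT"])].add(int(f["SPT"]))
        elif "RST" in f["FLAGS"]:
            # RST answers a segment the sender received; it never opens a connection.
            rst[f["SRC"]] += 1
    return {src: {"syn": {p: len(s) for p, s in syn[src].items()}, "rst": rst[src]}
            for src in set(syn) | set(rst)}


if __name__ == "__main__":
    print(triage(SAMPLE))
```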

