[Dshield] Intermittent Scan?

John ecarew2531 at rogers.com
Fri Jan 2 04:01:11 GMT 2004


I've noticed an intermittent Scan? on Rogers network
captured on my home PC (in this case over a 4 hour period).
Just started a few days ago and always from the same IP
but appears off and on throughout the day.  Sometimes I
see this much traffic in one hour, and at times over 4 hours
as in this case.

Source & Destination Ports vary but are from Ephemeral
to Ephemeral.  TCP Flags set are Rst & Ack.  Seq always 0,
Acknowledgment number varies, win 0, length 0.
Overall packet length 60 bytes.

Any suggestions on what this is?
    						
45 00 00 28 67 63 00 00 75 06 b3 cc 18 67 a4 4a 18 67
XX XX 06 4c 07 3d 00 00 00 00 73 fa 00 01 50 14
00 00 03 ac 00 00 00 00 00 00 00 00


   						
45 00 00 28 23 4f 00 00 75 06 f7 e0 18 67 a4 4a 18 67
XX XX 07 45 04 7a 00 00 00 00 7a 20 00 01 50 14
00 00 ff 4f 00 00 00 00 00 00 00 00


    						
45 00 00 28 da a7 00 00 75 06 40 88 18 67 a4 4a 18 67
XX XX 04 24 06 18 00 00 00 00 5b 3b 00 01 50 14
00 00 1f b8 00 00 00 00 00 00 00 00


    						
45 00 00 28 ea 53 00 00 75 06 30 dc 18 67 a4 4a 18 67
XX XX 06 ce 07 49 00 00 00 00 1b d0 00 01 50 14
00 00 5b 48 00 00 00 00 00 00 00 00


   						
45 00 00 28 8c fb 00 00 75 06 8e 34 18 67 a4 4a 18 67
XX XX c4 06 38 00 00 00 00 0b 5b 00 01 50 14
00 00 6a d8 00 00 00 00 00 00 00 00


    							
45 00 00 28 42 d4 00 00 75 06 d8 5b 18 67 a4 4a 18 67
XX XX 09 b4 06 e5 00 00 00 00 73 e0 00 01 50 14
00 00 00 b6 00 00 00 00 00 00 00 00

Thanks,

John




More information about the list mailing list