[Dshield] Something Different In The Log

Johannes B. Ullrich jullrich at sans.org
Thu Jan 15 04:14:15 GMT 2004


why is this 'different'? It looks just like a regular port 139 (file
sharing) scan.


On Wed, 2004-01-14 at 23:04, Glenn Jarvis wrote:
> Jan/14/2004 22:08:05
>   TearDrop Attack Detect src:61.144.130.46:33533 dst:67.70.201.56:139 
> Packet Dropped
> Jan/14/2004 21:58:09
>   Drop TCP packet from WAN src:61.144.130.46:33533 dst:67.70.201.56:139 
> Rule: Default deny
> Jan/14/2004 21:58:03
>   Drop TCP packet from WAN src:61.144.130.46:33533 dst:67.70.201.56:139 
> Rule: Default deny
> Jan/14/2004 21:58:00
>   Drop TCP packet from WAN src:61.144.130.46:33533 dst:67.70.201.56:139 
> Rule: Default deny
> 
> 
> O/S - Win98SE
> Router - Dlink 604
> Tested - Full Stealth Mode (All Ports) as per grc.com
> 
> _______________________________________________
> list mailing list
> list at dshield.org
> To change your subscription options (or unsubscribe), see: http://www.dshield.org/mailman/listinfo/list
-- 
CTO SANS Internet Storm Center               http://isc.sans.org
phone: (617) 837 2807                          jullrich at sans.org 

contact details: http://johannes.homepc.org/contact.htm
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://www.dshield.org/pipermail/list/attachments/20040114/35178858/attachment.bin


More information about the list mailing list