[Dshield] 4751/tcp Port Scans...

Dusty Hall halljer at auburn.edu
Wed Mar 31 21:39:38 GMT 2004


After an off-campus complaint I noticed several of our hosts scanning for port 4751/tcp.  I assume this is some type of Bagle Variant... Thoughts?


-Dusty


*-----------------
15:22:54.648856 131.204.x.x.3524 > 131.254.78.28.4751: S 607467045:607467045(0) win 8192 <mss 1460,nop,nop,sackOK> (DF)
0x0000   4500 0030 9d1a 4000 7e06 9647 83cc xxxx        E..0.. at .~..G..s.
0x0010   83fe 4e1c 0dc4 128f 2435 3625 0000 0000        ..N.....$56%....
0x0020   7002 2000 1f0c 0000 0204 05b4 0101 0402        p...............
15:22:54.648931 131.204.x.x.3526 > 131.254.78.30.4751: S 607467085:607467085(0) win 8192 <mss 1460,nop,nop,sackOK> (DF)
0x0000   4500 0030 9e1a 4000 7e06 9545 83cc xxxx        E..0.. at .~..E..s.
0x0010   83fe 4e1e 0dc6 128f 2435 364d 0000 0000        ..N.....$56M....
0x0020   7002 2000 1ee0 0000 0204 05b4 0101 0402        p...............
15:22:54.649025 131.204.x.x.3554 > 131.254.78.53.4751: S 607467582:607467582(0) win 8192 <mss 1460,nop,nop,sackOK> (DF)
0x0000   4500 0030 9f1a 4000 7e06 942e 83cc xxxx        E..0.. at .~.....s.
0x0010   83fe 4e35 0de2 128f 2435 383e 0000 0000        ..N5....$58>....
0x0020   7002 2000 1cbc 0000 0204 05b4 0101 0402        p...............
15:22:54.649098 131.204.x.x.3557 > 131.254.78.55.4751: S 607467623:607467623(0) win 8192 <mss 1460,nop,nop,sackOK> (DF)
0x0000   4500 0030 a01a 4000 7e06 932c 83cc xxxx        E..0.. at .~..,..s.
0x0010   83fe 4e37 0de5 128f 2435 3867 0000 0000        ..N7....$58g....
0x0020   7002 2000 1c8e 0000 0204 05b4 0101 0402        p...............





More information about the list mailing list