[Dshield] Traffic on 1025, 6129, 2745, 80, 3127

WMAVT@aol.com WMAVT at aol.com
Wed Mar 31 21:40:20 GMT 2004


Hello shawn.cox at pcca.com (Shawn Cox),

In reference to your comment:

è 12.25.200.5 traces back to phone.com witch google says is 
<A HREF="http://www.openwave.com/">Openwave - Home -</A> = http://www.openwave.com/
Japan Flag Openwave.com is now available in Japanese! Openwave.com is now 
available
in Japanese! Openwave.com??????????????? ... 
check this out could be text messaging 
http://www.google.com/search?hl=en&lr=&ie=UTF-8&sa=G&q=%22phone.%2Bcom%22



========Original Message======== 
Subj:   [Dshield] Traffic on 1025, 6129, 2745, 80, 3127     
Date:   3/31/2004 2:00:09 PM Mountain Standard Time 
From:    shawn.cox at pcca.com (Shawn Cox)
Sender:    list-bounces at dshield.org
Reply-to: <A HREF="mailto:list at dshield.org">list at dshield.org</A> (General DShield Discussion List)
To:    list at dshield.org (General DShield Discussion List)
    
    


2004-03-31 10:58:45 Local4.Error lbkrtr-ciscopix-int Mar 31 2004 10:58:13:
%PIX-3-106011: Deny inbound (No xlate) tcp src outside:12.25.200.5/48566 dst
outside:216.167.162.144/1025
2004-03-31 10:58:45 Local4.Error lbkrtr-ciscopix-int Mar 31 2004 10:58:13:
%PIX-3-106011: Deny inbound (No xlate) tcp src outside:12.25.200.5/48573 dst
outside:216.167.162.144/6129
2004-03-31 10:58:45 Local4.Error lbkrtr-ciscopix-int Mar 31 2004 10:58:13:
%PIX-3-106011: Deny inbound (No xlate) tcp src outside:12.25.200.5/48562 dst
outside:216.167.162.144/2745
2004-03-31 10:58:45 Local4.Error lbkrtr-ciscopix-int Mar 31 2004 10:58:13:
%PIX-3-106011: Deny inbound (No xlate) tcp src outside:12.25.200.5/48575 dst
outside:216.167.162.144/80
2004-03-31 10:58:45 Local4.Error lbkrtr-ciscopix-int Mar 31 2004 10:58:13:
%PIX-3-106011: Deny inbound (No xlate) tcp src outside:12.25.200.5/48568 dst
outside:216.167.162.144/3127


I started getting pounded with this around 10:20 am central time.  I've
logged 200,000 since then on 448 IP's. Any idea what it is?

I'm sorry I don't have the authority to do any captures.

--Shawn

_______________________________________________
list mailing list
list at dshield.org
To change your subscription options (or unsubscribe), see: 
http://www.dshield.org/mailman/listinfo/list


----------------------- Headers --------------------------------
Return-Path: <list-bounces at dshield.org>
Received: from  rly-xg05.mx.aol.com (rly-xg05.mail.aol.com [172.20.115.202]) 
by air-xg04.mail.aol.com (v98.19) with ESMTP id MAILINXG42-472406b313e1d5; 
Wed, 31 Mar 2004 16:00:08 -0500
Received: from  mail.giac.net (mail1.giac.net [65.173.218.103]) by 
rly-xg05.mx.aol.com (v98.5) with ESMTP id MAILRELAYINXG58-472406b313e1d5; Wed, 31 Mar 
2004 15:59:43 -0500
Received: (qmail 16609 invoked from network); 31 Mar 2004 20:59:41 -0000
Received: from  (HELO dshield.com) (@)
  by 0 with SMTP; 31 Mar 2004 20:59:41 -0000
Received: from maverick12.sans.org (localhost.localdomain [127.0.0.1])
    by dshield.com (8.11.6/8.11.6) with ESMTP id i2VKwYi21424;
    Wed, 31 Mar 2004 20:58:34 GMT
Received: from mail.giac.net (iceman1 [65.173.218.103])
    by dshield.com (8.11.6/8.11.6) with SMTP id i2VJQYi16135
    for <list at maverick12.sans.org>; Wed, 31 Mar 2004 19:26:34 GMT
Received: (qmail 4748 invoked from network); 31 Mar 2004 19:26:34 -0000
Received: from  (HELO dshield.org) (@)
    by 0 with SMTP; 31 Mar 2004 19:26:34 -0000
Old-Received: (qmail 29046 invoked from network); 31 Mar 2004 19:09:28 -0000
Old-Received: from mail.pcca.com (HELO PCNWMAILSCNDNS.pcca.com) 
(216.167.162.3)
    by 0 with SMTP; 31 Mar 2004 19:09:28 -0000
Old-Received: from 10.5.1.6 by PCNWMAILSCNDNS.pcca.com (InterScan E-Mail
    VirusWall NT); Wed, 31 Mar 2004 13:01:43 -0600
Old-Received: from LBKPCSCOX [10.5.1.32] by pcca.com
    (SMTPD32-8.05) id A59782540072; Wed, 31 Mar 2004 13:01:43 -0600
Message-ID: <019c01c41752$9b75eb10$2001050a at LBKPCSCOX>
From: "Shawn Cox" <shawn.cox at pcca.com>
To: "General DShield Discussion List" <list at dshield.org>
References: <1080696477.2652.5.camel at linux.local>
Date: Wed, 31 Mar 2004 13:01:43 -0600
MIME-Version: 1.0
Content-Type: text/plain;
    charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1158
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
Old-X-Envelope-To: list at dshield.org
X-Seen-By: bob list
X-Envelope-To: UNKNOWN
X-Mailman-Approved-At: Wed, 31 Mar 2004 20:38:33 +0000
Subject: [Dshield] Traffic on 1025, 6129, 2745, 80, 3127 
X-BeenThere: list at dshield.org
X-Mailman-Version: 2.1.4
Precedence: list
Reply-To: General DShield Discussion List <list at dshield.org>
List-Id: General DShield Discussion List <list.dshield.org>
List-Unsubscribe: <http://www.dshield.org/mailman/listinfo/list>,
    <mailto:list-request at dshield.org?subject=unsubscribe>
List-Archive: <http://www.dshield.org/pipermail/list>
List-Post: <mailto:list at dshield.org>
List-Help: <mailto:list-request at dshield.org?subject=help>
List-Subscribe: <http://www.dshield.org/mailman/listinfo/list>,
    <mailto:list-request at dshield.org?subject=subscribe>
Sender: list-bounces at dshield.org
Errors-To: list-bounces at dshield.org
X-AOL-IP: 65.173.218.103
X-AOL-SCOLL-SCORE: 0:XXX:XX
X-AOL-SCOLL-URL_COUNT: 0







More information about the list mailing list