From: Los, Ralph (rlosENVESTNET.COM)
Date: Wed Jan 10 2001 - 17:20:36 CST


    Hey all,

            Can someone maybe give me a clue where to dig on finding out what
    this type of "scan" is?...whether it's anything known?

    01/09/2001 04:34:36.928 - UDP packet dropped -
    Source:other.net.11.66, 928, WAN - Destination:My.sub.net.162, 137, LAN
    - -
    01/09/2001 04:41:23.416 - UDP packet dropped -
    Source:other.net.11.66, 642, WAN - Destination:My.sub.net.162, 137, LAN
    - -
    01/09/2001 04:50:59.592 - UDP packet dropped -
    Source:other.net.11.66, 949, WAN - Destination:My.sub.net.162, 137, LAN
    - -
    01/09/2001 04:57:10.336 - UDP packet dropped -
    Source:other.net.11.66, 690, WAN - Destination:My.sub.net.162, 137, LAN
    - -
    01/09/2001 05:05:04.480 - UDP packet dropped -
    Source:other.net.11.66, 872, WAN - Destination:My.sub.net.162, 137, LAN
    - -

            The scans come at a seemingly timed interval, and after speaking
    with one of the network OPS personnel over at the company, it appears to be
    an unconfirmed version of *nix with some sort of mail program running on it.
    I've seen this scan pattern before and couldn't trace it down; this time I'm
    hoping to be able to pinpoint the cause.

            Thanks in advance for the forensics support.

    Ralph M. Los
    Sr. Internet Systems & Security Admin. (312) 827-3945 (direct)
    EnvestNet Advisory Corp. (312) 296-9003 (wireless)
    rlosenvestnet.com
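
One way to measure the timing of drops like these, as an added example that is not part of the original message: the Python below parses the two-line drop entries quoted above, groups them by source, destination, protocol and destination port, and returns the gaps between hits in seconds along with the source ports seen. The entry layout and the MM/DD/YYYY date order are assumptions read off the five quoted entries, and the function names are illustrative.

```python
import re
from datetime import datetime

# Drop-log entries copied from the message above (addresses as masked by the poster).
SAMPLE_LOG = """\
01/09/2001 04:34:36.928 - UDP packet dropped -
Source:other.net.11.66, 928, WAN - Destination:My.sub.net.162, 137, LAN
- -
01/09/2001 04:41:23.416 - UDP packet dropped -
Source:other.net.11.66, 642, WAN - Destination:My.sub.net.162, 137, LAN
- -
01/09/2001 04:50:59.592 - UDP packet dropped -
Source:other.net.11.66, 949, WAN - Destination:My.sub.net.162, 137, LAN
- -
01/09/2001 04:57:10.336 - UDP packet dropped -
Source:other.net.11.66, 690, WAN - Destination:My.sub.net.162, 137, LAN
- -
01/09/2001 05:05:04.480 - UDP packet dropped -
Source:other.net.11.66, 872, WAN - Destination:My.sub.net.162, 137, LAN
- -
"""

# Assumed layout: timestamp/protocol line, then a Source/Destination line.
ENTRY = re.compile(
    r"(?P<ts>\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}\.\d{3}) - (?P<proto>\w+) packet dropped -\s+"
    r"Source:(?P<src>[^,]+), (?P<sport>\d+), \w+ - "
    r"Destination:(?P<dst>[^,]+), (?P<dport>\d+), \w+")

def parse_drops(text):
    """Return one dict per dropped-packet entry; '- -' separator lines are skipped."""
    drops = []
    for m in ENTRY.finditer(text):
        d = m.groupdict()
        d["ts"] = datetime.strptime(d["ts"], "%m/%d/%Y %H:%M:%S.%f")
        d["sport"], d["dport"] = int(d["sport"]), int(d["dport"])
        drops.append(d)
    return drops

def summarize(drops):
    """Group by (src, dst, proto, dport); report gaps between hits in seconds."""
    flows = {}
    for d in sorted(drops, key=lambda d: d["ts"]):
        flows.setdefault((d["src"], d["dst"], d["proto"], d["dport"]), []).append(d)
    report = {}
    for key, hits in flows.items():
        gaps = [round((b["ts"] - a["ts"]).total_seconds(), 3) for a, b in zip(hits, hits[1:])]
        report[key] = {"count": len(hits), "gaps": gaps,
                       "src_ports": [h["sport"] for h in hits]}
    return report
```

Calling `summarize(parse_drops(SAMPLE_LOG))` returns a single flow to UDP port 137 with its four inter-arrival gaps, which can then be compared against a longer capture from the same firewall.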