|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Richard Johnson (rdump_at_river.com)
Date: Wed Jul 17 2002 - 14:37:53 CDT
Starting at 11:38:12 UTC on July 17, we started seeing full-network port
scans looking for TCP port 1025.
The sources are all Windows boxes listening on TCP port 1025. The ramp up
in volume from widely separated source IPs looks wormy.
Is this a targeted attack against my nets, or are others seeing this
scanning too?
Richard
-------
Jul 17 05:38:12 gateway IP FILTER: `wi` rule# 13: deny:
src=131.128.196.245(1810) dst=A.B.C.0(1025) proto=6
Jul 17 05:38:12 gateway IP FILTER: `wi` rule# 38: deny:
src=131.128.196.245(1822) dst=A.B.C.Y(1025) proto=6
...
Jul 17 05:38:15 gateway IP FILTER: `wi` rule# 38: deny:
src=131.128.196.245(1822) dst=A.B.C.Y(1025) proto=6
Jul 17 05:38:15 gateway IP FILTER: `wi` rule# 13: deny:
src=131.128.196.245(1810) dst=A.B.C.0(1025) proto=6
...
Jul 17 05:38:21 gateway IP FILTER: `wi` rule# 38: deny:
src=131.128.196.245(1822) dst=A.B.C.Y(1025) proto=6
Jul 17 05:38:21 gateway IP FILTER: `wi` rule# 13: deny:
src=131.128.196.245(1810) dst=A.B.C.0(1025) proto=6
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]