UDP scans from AOL NS boxes?

From: Mike Mills (mmillsdpwt.com)
Date: Thu Apr 03 2003 - 11:27:07 CST


The machines listed below have been running UDP scans against our firewall
for some time. The scans really picked up on March 18th, but never got
more than 20 a day or so. These scans are apparently on random UDP ports,
and from randomly selected machines in the list below. If anyone is
interested, I have all of the events this year in a spreadsheet.

They are nearly unnoticeable when displayed by date and time, but become
apparent when sorted by source IP.

Has anyone else experienced scans like this from these boxes?

I spoke to AOL, and they confirmed my beliefs and said that indeed people
were bouncing off their servers looking for trojaned UDP ports.

 1) They are aware of it and we aren't the only ones who contacted them
about it.

 2) They know that they can easily stop the behavior, but they won't
pursue the issue unless we have suffered some kind of loss.

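
The post notes that these probes disappear in a date-ordered view and only stand out once events are sorted by source IP. The sketch below is an added example, not part of the original message: it aggregates UDP denies per source network over the whole log window and reports groups that stay under a daily alert threshold while touching many distinct ports. The log format, the /24 grouping, the thresholds and the sample addresses (documentation ranges) are all assumptions.

```python
import ipaddress
from collections import defaultdict
from datetime import datetime

# Constructed firewall denies (documentation address ranges, not the post's data).
# Assumed format: "ISO-timestamp source-ip protocol destination-port"
SAMPLE_LOG = """\
2003-03-18T02:11:05 192.0.2.225 udp 1029
2003-03-18T09:40:12 198.51.100.7 udp 123
2003-03-19T14:02:51 192.0.2.227 udp 4471
2003-03-19T14:30:00 203.0.113.9 tcp 80
2003-03-21T23:15:44 192.0.2.226 udp 20034
2003-03-22T09:41:10 198.51.100.7 udp 123
2003-03-24T06:27:33 192.0.2.225 udp 33210
2003-03-27T18:03:09 192.0.2.229 udp 51006
2003-03-28T09:39:58 198.51.100.7 udp 123
"""

def parse_udp(log):
    """Yield (date, source IP, destination port) for each UDP event."""
    for line in log.strip().splitlines():
        ts, src, proto, port = line.split()
        if proto.lower() == "udp":
            yield datetime.fromisoformat(ts).date(), src, int(port)

def slow_udp_scanners(log, daily_alert=20, min_ports=4, prefix=24):
    """Summarise source networks that stay at or below a per-day alert
    threshold yet probe many distinct UDP ports over the whole window."""
    ports, hosts = defaultdict(set), defaultdict(set)
    per_day = defaultdict(lambda: defaultdict(int))
    for day, src, port in parse_udp(log):
        # Group by network so probes spread over neighbouring hosts add up.
        net = str(ipaddress.ip_network(f"{src}/{prefix}", strict=False))
        ports[net].add(port)
        hosts[net].add(src)
        per_day[net][day] += 1
    findings = {}
    for net, seen in ports.items():
        peak = max(per_day[net].values())
        if peak <= daily_alert and len(seen) >= min_ports:
            findings[net] = {"hosts": sorted(hosts[net]), "distinct_ports": len(seen),
                             "active_days": len(per_day[net]), "peak_per_day": peak}
    return findings

if __name__ == "__main__":
    for net, info in slow_udp_scanners(SAMPLE_LOG).items():
        print(net, info)
```

A source that repeatedly hits one port, such as the constructed NTP client above, is not reported; only the group spreading single probes across many ports and days is.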
