jamesworldintelligencia.com
Date: Tue Sep 16 2003 - 15:54:08 CDT

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

What ver OS you running?

At 15:09 09/15/2003, Jared Ingersoll wrote:
>Hi,
>
>I was reviewing my pix syslog messages today and found a strange one from
>yesterday morning at around 3 AM, Sunday:
>
>
>Sep 14 03:49:48 3U:x.x.x.x %PIX-3-211003: CPU utilization for 10 seconds =
>45305562%
>
>The odd thing is that the percent utilization is somewhere around 45 million
>percent. Our company operates during "bank hours" so activity at that time
>of day is always viewed with a suspicious eye. I called Cisco support and
>they were absolutely no help. They tried to pass it off as spoofed ip error
>messages related to the blaster worm. With minimal questioning the tech
>could not support that supposition at all (though I'm not saying he wasn't
>right).
>
>Leading up to the CPU message was a sequence of UDP port scans on port 135
>and 1026, originating from port 666 (as follows):
>
>Sep 14 03:47:45 2U:x.x.x.x %PIX-2-106006: Deny inbound UDP from
>64.156.39.12/666 to x.x.x.x/135 on interface outside
>Sep 14 03:47:45 2U:x.x.x.x %PIX-2-106006: Deny inbound UDP from
>64.156.39.12/666 to x.x.x.x/1026 on interface outside
>
>Can anyone shed some light on this?
>
>Thanks,
>Jared
>
>---------------------
>Jared Ingersoll
>Fiserv CSW, Inc.

---------------------------------------------------------------------------
Attend Black Hat Briefings & Training Federal, September 29-30 (Training),
October 1-2 (Briefings) in Tysons Corner, VA; the world's premier
technical IT security event. Modeled after the famous Black Hat event in
Las Vegas! 6 tracks, 12 training sessions, top speakers and sponsors.
Symantec is the Diamond sponsor. Early-bird registration ends September 6.Visit us: www.blackhat.com
----------------------------------------------------------------------------

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]