Security Incidents mailing list archives
Connect thru PIX & ports 1727, 2209, 9200
From: JNelson () CMCCONTROLS COM (CL: Nelson, Jeff)
Date: Thu, 27 Jan 2000 16:16:12 -0500
Hello,

This is my first contribution to this list. Recently, going through my syslogs, I found an individual that has, apparently, successfully initiated a connection through our PIX. I thought this was a bit surprising. They then proceeded to send 1 UDP/1727 packet to every one of our external IP addresses (only 1 class C subnet) to port 9200. During this walkabout they also tried to send UDP/1727 to a variety of our private network addresses on port 9200. I am wondering how they were able to detect these addresses. Of course, I'm wondering how they established the connection through the PIX.

Once the individual was done the connection was torn down. Then, they start back up again (with a new connection built through the firewall) except this time, they are sending their UDP packet from port 2209. Are any of you familiar with these ports or what is going on?

One last bit of info, the internal system that they established the connection with is my syslog monitor (PrivateI, NT4.0, SP3). If it wasn't personal enough that they seem to have compromised me a bit, they had to do it with one of my own systems.

Cheers,
Jeff

:::::::::::
Jeffrey L. Nelson
Network Manager
Cleveland Motion Controls