Security Incidents mailing list archives

Previous By Date Next
Previous By Thread Next

source port 321

From: T_Esting () EXCITE COM (T.Esting)
Date: Fri, 28 Jan 2000 09:08:46 -0800

  I've been tracking a weird port scan for a few months now.  It's not
terribly fast, and it's almost always pointed at one nonexistent machine on
a public subnet for which I'm responsible.  The fact that the machine
doesn't exist and has been a target for several months is strange enough, in
and of itself.  The fact that the number of distinct machines probing the
same nonexistent address is large and growing is stranger.  Add that to the
fact that the source port for the probes is, more often than not, 321 and I
think something pretty fishy is going on.  However, I have yet to find any
reference to attack tools, distributed or not, that have that particular
port as a signature.

  Has anyone run into this in the past that can shed some light?

  TIA.

_______________________________________________________
Get 100% FREE Internet Access powered by Excite
Visit http://freeworld.excite.com
Previous By Date Next
Previous By Thread Next

Current thread: