Security Incidents mailing list archives
source port 321
From: T_Esting () EXCITE COM (T.Esting)
Date: Fri, 28 Jan 2000 09:08:46 -0800
I've been tracking a weird port scan for a few months now. It's not terribly fast, and it's almost always pointed at one nonexistent machine on a public subnet for which I'm responsible. The fact that the machine doesn't exist and has been a target for several months is strange enough, in and of itself. The fact that the number of distinct machines probing the same nonexistent address is large and growing is stranger. Add that to the fact that the source port for the probes is, more often than not, 321 and I think something pretty fishy is going on. However, I have yet to find any reference to attack tools, distributed or not, that have that particular port as a signature. Has anyone run into this in the past that can shed some light? TIA. _______________________________________________________ Get 100% FREE Internet Access powered by Excite Visit http://freeworld.excite.com
Current thread:
- Re: Probes to tcp 2766 ('System V Listner') Robert G. Ferrell (Jan 27)
- source port 321 T.Esting (Jan 28)
- Re: source port 321 Robert Graham (Jan 28)
- Re: Probes to tcp 2766 ('System V Listner') Thiago/c0nd0r (Jan 28)
- source port 321 T.Esting (Jan 28)