Security Incidents mailing list archives
Attempted port scans.
From: steve () SECURESOLUTIONS ORG (Steve)
Date: Tue, 11 Jan 2000 22:39:55 -0700
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Check this out guys. I seem to get these once or twice a day on my test machines. They are in a lab but exposed to the net. I run Nukenabber on them and it blocks their scans and gives me this log. I wonder, is there any point to me following up with ISPs on this type of thing? Obviously the person didn't get anywhere. Maybe it's time to put in that FW-1 installation on my test network..........

- -Steve

============
[01/11/2000 18:48:42.410 GMT-0700] ICMP monitoring started.
[01/11/2000 18:48:43.460 GMT-0700] Ready using port 5001 (tcp).
[01/11/2000 18:48:43.570 GMT-0700] Ready using port 5000 (tcp).
[01/11/2000 18:48:43.620 GMT-0700] Ready using port 1080 (tcp).
[01/11/2000 18:48:43.680 GMT-0700] Ready using port 1032 (tcp).
[01/11/2000 18:48:43.730 GMT-0700] Ready using port 1029 (tcp).
[01/11/2000 18:48:43.900 GMT-0700] Ready using port 1027 (tcp).
[01/11/2000 18:48:44.010 GMT-0700] Ready using port 139 (tcp).
[01/11/2000 18:48:44.010 GMT-0700] Ready using port 138 (tcp).
[01/11/2000 18:48:44.060 GMT-0700] Ready using port 137 (tcp).
[01/11/2000 18:48:44.170 GMT-0700] Ready using port 129 (tcp).
[01/11/2000 18:48:44.340 GMT-0700] Ready using port 53 (tcp).
[01/11/2000 18:48:44.560 GMT-0700] Ready using port 19 (udp).
[01/11/2000 18:59:47.290 GMT-0700] Connection: 200.196.84.155 on port 1080 (tcp).
[01/11/2000 18:59:47.950 GMT-0700]
[01/11/2000 18:59:48.000 GMT-0700] Port 1080 (tcp) is now disabled for 90 seconds.
[01/11/2000 19:01:20.280 GMT-0700] Port 1080 (tcp) is re-enabled.

- ----------------
[01/11/2000 18:59:48.060 GMT-0700]Report Generated for 200.196.84.155

TraceRoute:
0 POWERBOX (0.0.0.0)
1 57.54.46.56 (57.54.46.56)
2 10.127.3.2 (10.127.3.2)
3 tac01-enet0.rtr.agt.net (198.80.54.202)
4 192.168.3.9 (192.168.3.9)
5 REGIONAL2.tac.net (205.233.111.67)
5 POWERBOX (0.0.0.0)
6 REGIONAL2.tac.net (205.233.111.67)
7 117.ATM3-0.XR1.CHI6.ALTER.NET (146.188.209.178)
8 191.ATM3-0.TR1.CHI4.ALTER.NET (146.188.208.246)
9 106.ATM7-0.TR1.NYC1.ALTER.NET (146.188.136.150)
10 199.ATM6-0.XR1.NYC1.ALTER.NET (146.188.178.177)
11 195.ATM1-0-0.HR1.NYC1.ALTER.NET (146.188.177.85)
12 Serial8-0-0.SR1.TTN1.ALTER.NET (137.39.30.125)
13 Embra-gw.customer.alter.net (157.130.30.66)
14 ebt-P1-0-gsr01.rjo.embratel.net.br (200.255.197.98)
15 ebt-A12-0-0-1-dist02.rjo.embratel.net.br (200.255.197.109)
16 ebt-F4-0-acc02.rjo.embratel.net.br (200.255.197.42)
16 POWERBOX (0.0.0.0)
17 ebt-F4-0-acc02.rjo.embratel.net.br (200.255.197.42)
17 POWERBOX (0.0.0.0)
18 ebt-F4-0-acc02.rjo.embratel.net.br (200.255.197.42)
19 b21155.dial-rjo2.impsat.com.br (200.196.84.155)
TraceRoute Complete.

Finger:
Finger Timed Out.

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.2 for non-commercial use <http://www.pgp.com>

iQA/AwUBOHwTqzLmOb9TzessEQI17QCfSUYi6EiewMii/qjzrqaDBtiLwfAAoJ2M
AXMFaU0ni6xKpj1+EQDmFsl4
=Z7Q4
-----END PGP SIGNATURE-----
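Added example, not part of the original post and not code from the tool that produced the log: a small parser that pulls the "Connection:" events out of a log in the format shown above, normalises the timestamps to UTC, and groups probes by source address, which is the minimum an ISP abuse desk needs to match a dial-up session. It assumes the date field is MM/DD/YYYY and that "GMT-0700" means seven hours behind UTC; the function names and the sample lines are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sample: lines in the same format as the log posted above.
SAMPLE_LOG = """\
[01/11/2000 18:48:43.620 GMT-0700] Ready using port 1080 (tcp).
[01/11/2000 18:59:47.290 GMT-0700] Connection: 200.196.84.155 on port 1080 (tcp).
[01/11/2000 18:59:47.950 GMT-0700]
[01/11/2000 18:59:48.000 GMT-0700] Port 1080 (tcp) is now disabled for 90 seconds.
[01/11/2000 19:01:20.280 GMT-0700] Port 1080 (tcp) is re-enabled.
"""

# "[date time GMT+/-hhmm] message"; the message part may be empty.
LINE_RE = re.compile(
    r"^\[(\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}\.\d{3}) GMT([+-])(\d{2})(\d{2})\]\s*(.*)$")
CONN_RE = re.compile(
    r"^Connection: (\d{1,3}(?:\.\d{1,3}){3}) on port (\d+) \((tcp|udp)\)\.$")

def parse_timestamp(stamp, sign, hh, mm):
    """Return an aware UTC datetime (assumption: date is MM/DD/YYYY)."""
    offset = timedelta(hours=int(hh), minutes=int(mm))
    if sign == "-":
        offset = -offset
    local = datetime.strptime(stamp, "%m/%d/%Y %H:%M:%S.%f")
    return local.replace(tzinfo=timezone(offset)).astimezone(timezone.utc)

def connection_events(log_text):
    """Yield (utc_time, source_ip, port, proto) for each Connection line."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a log line in this format
        c = CONN_RE.match(m.group(5))
        if c:
            when = parse_timestamp(*m.group(1, 2, 3, 4))
            yield (when, c.group(1), int(c.group(2)), c.group(3))

def summarize(log_text):
    """Group probes by source: {ip: [(iso_utc, port, proto), ...]}."""
    report = defaultdict(list)
    for when, ip, port, proto in connection_events(log_text):
        report[ip].append((when.strftime("%Y-%m-%dT%H:%M:%SZ"), port, proto))
    return dict(report)

if __name__ == "__main__":
    for ip, hits in summarize(SAMPLE_LOG).items():
        print(ip, hits)
```

Note that the 18:59 local connection falls on the next calendar day in UTC, which matters when the receiving ISP looks up which customer held a dynamically assigned address at that moment.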