Security Incidents mailing list archives
Re: Simultaneous Attacks
From: Valdis.Kletnieks () VT EDU (Valdis Kletnieks)
Date: Fri, 7 Jul 2000 17:31:45 -0400
On Fri, 07 Jul 2000 00:27:04 EDT, "Harlan S. Barney, Jr." <hsbarney () NYCAP RR COM> said:
59, 2000-07-06 23:59:50, 2003103, NetBus port probe, 64.232.4.242, , 24.161.11.47, , port=12345&name=NetBus, 6, A
59, 2000-07-06 23:59:50, 2003103, NetBus port probe, 23.23.23.23, , 24.161.11.47, , port=12345&name=NetBus, 6, A
59, 2000-07-06 23:59:50, 2003103, NetBus port probe, 24.24.24.24, tmp1-3218.twcny.rr.com, 24.161.11.47, , port=12345&name=NetBus, 6, A
The 23. and 24. probes are almost certainly decoys. This may be an 'nmap' scan trying to determine your IP sequence number algorithm - using bogus packets to increment the initial sequence number.

You may wish to verify whether your software is configured to report on probes to other ports as well - it could be you're only reporting on "interesting" ports (like snmp, netbus, yadda yadda yadda) and you missed the other connections.

Of course, I may be totally full of it too - it *is* 5:30PM on Friday and time for the weekend. ;)

--
Valdis Kletnieks
Operating Systems Analyst
Virginia Tech
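An added example, not part of the original post: one way to surface the pattern discussed above, where several sources hit the same destination and port within the same logged second. The column meanings are assumptions inferred from the quoted lines, and the last sample record is constructed to show a probe that is not grouped.

```python
import csv
from collections import defaultdict

# First three records are the ones quoted in the post; the fourth is constructed.
SAMPLE_LOG = """\
59, 2000-07-06 23:59:50, 2003103, NetBus port probe, 64.232.4.242, , 24.161.11.47, , port=12345&name=NetBus, 6, A
59, 2000-07-06 23:59:50, 2003103, NetBus port probe, 23.23.23.23, , 24.161.11.47, , port=12345&name=NetBus, 6, A
59, 2000-07-06 23:59:50, 2003103, NetBus port probe, 24.24.24.24, tmp1-3218.twcny.rr.com, 24.161.11.47, , port=12345&name=NetBus, 6, A
59, 2000-07-07 00:14:02, 2003103, NetBus port probe, 192.0.2.10, , 24.161.11.47, , port=12345&name=NetBus, 6, A
"""


def parse_records(text):
    """Yield one dict per log line (assumed columns: id, time, rule, event,
    source IP, source name, destination IP, destination name, parameters)."""
    for row in csv.reader(text.splitlines(), skipinitialspace=True):
        if len(row) < 9:
            continue  # blank or truncated line
        row = [field.strip() for field in row]
        params = dict(p.split("=", 1) for p in row[8].split("&") if "=" in p)
        yield {"time": row[1], "event": row[3], "src": row[4],
               "dst": row[6], "port": params.get("port", "")}


def simultaneous_probes(text, min_sources=2):
    """Return {(time, dst, port): [sources]} for groups with several sources.

    A group only shows that the sources arrived together; the log alone
    cannot say which source is real and which are decoys.
    """
    groups = defaultdict(set)
    for rec in parse_records(text):
        groups[(rec["time"], rec["dst"], rec["port"])].add(rec["src"])
    return {key: sorted(srcs) for key, srcs in groups.items()
            if len(srcs) >= min_sources}


if __name__ == "__main__":
    for (when, dst, port), sources in simultaneous_probes(SAMPLE_LOG).items():
        print(f"{when} {dst}:{port} probed by {len(sources)} sources: {sources}")
```
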