Security Incidents mailing list archives
FYI: Slow port 137 scanning in reverse IP# order
From: Bryan Andersen <bryan () visi com>
Date: Sun, 26 Nov 2000 22:50:37 -0600
For Your Information Slow port 137 scanning in reverse IP# order. This is a new scan signature I haven't seen before. Times are refferenced to US/Central, GMT-600. Nov 26 18:10:27 gateway kernel: Packet log: input DENY eth0 PROTO=17 src:137 dst.19:137 L=78 S=0x00 I=21574 F=0x0000 T=113 Nov 26 18:10:29 gateway kernel: Packet log: input DENY eth0 PROTO=17 src:137 dst.19:137 L=78 S=0x00 I=21830 F=0x0000 T=113 Nov 26 18:10:30 gateway kernel: Packet log: input DENY eth0 PROTO=17 src:137 dst.19:137 L=78 S=0x00 I=22086 F=0x0000 T=113 Nov 26 18:12:54 gateway kernel: Packet log: input DENY eth0 PROTO=17 src:137 dst.17:137 L=78 S=0x00 I=46662 F=0x0000 T=113 Nov 26 18:12:56 gateway kernel: Packet log: input DENY eth0 PROTO=17 src:137 dst.17:137 L=78 S=0x00 I=46918 F=0x0000 T=113 Nov 26 18:12:57 gateway kernel: Packet log: input DENY eth0 PROTO=17 src:137 dst.17:137 L=78 S=0x00 I=47174 F=0x0000 T=113 Nov 26 18:15:19 gateway kernel: Packet log: input DENY eth0 PROTO=17 src:137 dst.16:137 L=78 S=0x00 I=5703 F=0x0000 T=113 Nov 26 18:15:20 gateway kernel: Packet log: input DENY eth0 PROTO=17 src:137 dst.16:137 L=78 S=0x00 I=5959 F=0x0000 T=113 Nov 26 18:15:22 gateway kernel: Packet log: input DENY eth0 PROTO=17 src:137 dst.16:137 L=78 S=0x00 I=6215 F=0x0000 T=113 -- | Bryan Andersen | bryan () visi com | http://softail.visi.com | | Buzzwords are like annoying little flies that deserve to be swatted. | | -Bryan Andersen |
Current thread:
- FYI: Slow port 137 scanning in reverse IP# order Bryan Andersen (Nov 28)