Security Incidents mailing list archives
Re: Strange scan in progress
From: Marcel de Riedmatten <mdr () DOTFORGE CH>
Date: Mon, 16 Oct 2000 21:40:16 +0200
On Mon, Oct 16, 2000 at 03:28:25PM +0100, Jerry Walsh wrote:
> Anyone have any idea of what's going on here? Looks like some decoy hosts involved too..
>
> Oct 16 15:11:34 XXXXXX /kernel: Connection attempt to UDP xxx.xxx.xxx.xxx:33483 from 205.232.143.227:47879
> Oct 16 15:11:38 XXXXXX /kernel: Connection attempt to UDP xxx.xxx.xxx.xxx:33484 from 205.232.143.227:47879
> Oct 16 15:11:38 XXXXXX /kernel: Connection attempt to UDP xxx.xxx.xxx.xxx:33485 from 205.232.143.227:47879
> Oct 16 15:12:00 XXXXXX /kernel: Connection attempt to UDP
This looks like a traceroute from a Unix machine. Maybe you block this packet, or you block outgoing ICMP port unreachable, and the traceroute program, getting no response, looks one hop ahead and one more hop ahead. Same for the other log.

--
Marcel de Riedmatten
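The quoted log lines show one source address and source port sending UDP probes to destination ports that rise by one, which is how classic Unix traceroute behaves (its default first destination port is 33434). As an added example that is not part of the original thread, this Python sketch groups such log lines per flow and flags traceroute-like runs; the function names, the 100-port window above the base port and the fourth (non-matching) log line are assumptions made for the illustration.

```python
import re
from collections import defaultdict

# First three lines are the ones quoted in the thread; the last line is
# constructed here as an unrelated event that must not be flagged.
SAMPLE_LOG = """\
Oct 16 15:11:34 XXXXXX /kernel: Connection attempt to UDP xxx.xxx.xxx.xxx:33483 from 205.232.143.227:47879
Oct 16 15:11:38 XXXXXX /kernel: Connection attempt to UDP xxx.xxx.xxx.xxx:33484 from 205.232.143.227:47879
Oct 16 15:11:38 XXXXXX /kernel: Connection attempt to UDP xxx.xxx.xxx.xxx:33485 from 205.232.143.227:47879
Oct 16 15:13:02 XXXXXX /kernel: Connection attempt to UDP xxx.xxx.xxx.xxx:137 from 198.51.100.7:137
"""

LINE_RE = re.compile(r"Connection attempt to UDP (\S+):(\d+) from (\S+):(\d+)")
BASE_PORT = 33434            # default first destination port of Unix traceroute
MAX_PORT = BASE_PORT + 100   # assumed upper bound for this heuristic


def parse(log):
    """Yield (src_ip, src_port, dst_ip, dst_port) for each matching line."""
    for line in log.splitlines():
        m = LINE_RE.search(line)
        if m:
            dst, dport, src, sport = m.groups()
            yield src, int(sport), dst, int(dport)


def find_traceroutes(log, min_probes=3):
    """Return flows whose destination ports rise by one per logged probe."""
    flows = defaultdict(list)
    for src, sport, dst, dport in parse(log):
        flows[(src, sport, dst)].append(dport)
    hits = []
    for (src, sport, dst), ports in flows.items():
        ports = sorted(set(ports))
        consecutive = all(b - a == 1 for a, b in zip(ports, ports[1:]))
        in_range = BASE_PORT <= ports[0] and ports[-1] <= MAX_PORT
        if len(ports) >= min_probes and consecutive and in_range:
            # The offset from the base port is roughly how many probes were
            # sent before the first one that reached this host's log.
            hits.append({"src": src, "src_port": sport, "dst": dst,
                         "ports": ports,
                         "offset_from_base": ports[0] - BASE_PORT})
    return hits


if __name__ == "__main__":
    for hit in find_traceroutes(SAMPLE_LOG):
        print(hit)
```

A strict run of consecutive ports will miss a traceroute whose probes were partly dropped before logging, so treat a negative result as inconclusive.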