Security Incidents mailing list archives
Re: Wingate 1080/8080 Scans
From: Guillaume Filion <gfk () LOGIDAC COM>
Date: Wed, 31 Jan 2001 20:23:52 -0500
Hi Brian, Let's do some stats on my firewall's logs located on a 24.x.x.x (cable modem - high target for those scans): [root@cesam /]# fgrep -c ':1080 ' /var/log/messages* /var/log/messages:10 /var/log/messages.1:69 /var/log/messages.2:25 /var/log/messages.3:19 /var/log/messages.4:17 [root@cesam /]# ls -l /var/log/messages* -rw------- 1 root root 177585 Jan 31 19:56 /var/log/messages -rw------- 1 root root 438638 Jan 28 03:47 /var/log/messages.1 -rw------- 1 root root 232626 Jan 21 03:43 /var/log/messages.2 -rw------- 1 root root 162632 Jan 14 03:02 /var/log/messages.3 -rw------- 1 root root 184867 Jan 7 03:24 /var/log/messages.4 So I've received, during this month: 10 packets between the 28 & 31 : 3.3/day ave. 69 packets between the 21 & 28 : 9.9/day ave. 25 packets between the 14 & 7: 3.6/day ave. 17 packets between the 1st & 7: 2.4/day ave. So far this week has been quite normal, especially compared to last week. But maibe a couple of script kiddies decided to scan your particular subnet, while they were scanning mine last week... Hope this helps, GFK's
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Did anyone other than myself notice a metric ton of WinGate scans the past two days for both 1080 and 8080?!? I would estimate that 80-90% of our customers experienced extremely high numbers of these scans yesterday and today. Anyone else notice this or am I just not lucky today?!?! Best Regards, Brian D. Taylor Level 2 Security Analyst SecureWorks/IMSC www.secureworks.net -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com> iQA/AwUBOnenOwBthbPW+yLIEQKttwCgqthatztLVaN5I7iBp/22XpnJiGgAmwR0 xNE0IhJgCPlvwzZLLlpl7W84 =J1IO -----END PGP SIGNATURE-----
-- Guillaume Filion Logidac Tech., Beaumont, Québec, Canada - http://logidac.com/ PGP Fingerprint: 14A6 720A F7BA 6C87 2331 33FD 467E 9198 3DED D5CA
Attachment:
_bin
Description:
Current thread:
- Re: Wingate 1080/8080 Scans Guillaume Filion (Jan 31)