Security Incidents mailing list archives

Re: Firewall hits/unknown ports


From: Glenn Forbes Fleming Larratt <glratt () rice edu>
Date: Sun, 4 Nov 2001 21:28:29 -0600 (CST)

You might look at (and provide) what they're using for a "source" port -
I've seen numerous "reverse http" and "reverse telnet" scans, where
a source port of 80 or 23 is used. Such an approach could fool
a stateless firewall or IDS.

        -g

On Sun, 4 Nov 2001 bonk () webchat chatsystems com wrote:

Anyone know what trojans/backdoors run on 22634, 24544 and 29319 ?
Snort.org doesn't list these.
        :
        :
        :
22634         24.254.60.19            unknown         Nov  3 23:49:26
22634         24.254.60.19            unknown         Nov  3 23:48:26
22634         24.254.60.19            unknown         Nov  3 23:47:26
22634         24.254.60.19            unknown         Nov  3 23:46:26
22634         24.254.60.19            unknown         Nov  3 23:45:26
22634         24.254.60.19            unknown         Nov  3 23:44:26
22634         24.254.60.19            unknown         Nov  3 23:43:26
22634         24.254.60.19            unknown         Nov  3 23:42:26
22634         24.254.60.19            unknown         Nov  3 23:41:53
22634         24.254.60.19            unknown         Nov  3 23:41:36
22634         24.254.60.19            unknown         Nov  3 23:41:28


                                Glenn Forbes Fleming Larratt
                                Rice University Network Management
                                glratt () rice edu


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com
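
Added example, not part of the original message or the list archive: a minimal comparison of a stateless "source port looks like a reply" rule with connection tracking, showing why the source port is worth checking in logs like the ones above. The rule, the function names and the sample packets are assumptions constructed for illustration; only destination port 22634 and source ports 80 and 23 come from the thread.

```python
from collections import namedtuple

# One observed packet: direction is "in" or "out" relative to the protected network.
Packet = namedtuple("Packet", "direction src sport dst dport")

# Source ports named in the message (http and telnet).
SERVICE_PORTS = {80, 23}

def stateless_allows(pkt):
    """Hypothetical stateless rule: pass anything outbound, and pass inbound
    traffic that merely looks like a server reply (source port 80 or 23)."""
    return pkt.direction == "out" or pkt.sport in SERVICE_PORTS

def stateful_verdicts(packets):
    """Accept inbound packets only when they reverse a flow opened from inside."""
    flows = set()
    verdicts = []
    for pkt in packets:
        if pkt.direction == "out":
            flows.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            verdicts.append("accept")
        elif (pkt.dst, pkt.dport, pkt.src, pkt.sport) in flows:
            verdicts.append("accept")
        else:
            verdicts.append("drop")
    return verdicts

def reverse_scan_suspects(packets):
    """Inbound packets the stateless rule passes but connection tracking drops."""
    verdicts = stateful_verdicts(packets)
    return [p for p, v in zip(packets, verdicts)
            if v == "drop" and stateless_allows(p)]

# Constructed sample traffic (documentation addresses, not taken from the thread's logs).
SAMPLE = [
    Packet("out", "192.0.2.10", 40000, "198.51.100.5", 80),
    Packet("in", "198.51.100.5", 80, "192.0.2.10", 40000),   # genuine reply
    Packet("in", "203.0.113.7", 80, "192.0.2.10", 22634),    # unsolicited, sport 80
    Packet("in", "203.0.113.7", 23, "192.0.2.10", 22634),    # unsolicited, sport 23
    Packet("in", "203.0.113.7", 4321, "192.0.2.10", 22634),  # dropped by both
]

if __name__ == "__main__":
    for pkt in reverse_scan_suspects(SAMPLE):
        print("stateless rule would pass unsolicited packet:", pkt)
```

The packets returned by `reverse_scan_suspects` are the ones a log review should flag: inbound, no matching outbound flow, and a source port of 80 or 23.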

