Security Incidents mailing list archives
A new hack tool - tcp port 3139 ?
From: <METE.EMINAGAOGLU () DIGITALPLATFORM com>
Date: Fri, 15 Mar 2002 21:24:32 +0200
Hi to all, Beginning from 6th of March until today, I' ve been continously observing a very strange and presumably dangerous probe (possibly caused by a new trojan or trojan-like tool) in my Firewall logs. The source IP is different real-world IP' s, the destination IP is always my FW' s outer interface IP, and the service port is tcp 3139. However, it' s s.thing like a "masked" action. Because, when I analyse the logs in detail, Xlate Dest IP' s are any of our DMZ IP' s (random), and the Xlate Destin Port is, tcp 80 - http !!! Has anyone faced this similar oddity? I' ve searched all the sec. sites, news, but nope!!! Thanks in advance... ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- A new hack tool - tcp port 3139 ? METE.EMINAGAOGLU (Mar 15)
- <Possible follow-ups>
- RE: A new hack tool - tcp port 3139 ? METE.EMINAGAOGLU (Mar 15)