Security Incidents mailing list archives
Interesting scan to ports 1999-2000
From: "wirepair" <wirepair () roguemail net>
Date: Thu, 23 May 2002 03:46:33 -0700
Anyone else see this scan come across? It came from a .kr (big surprise i know). Did a quick search and apparently someones seen it before, this something we should be concerned about? (1999 == cisco i don't think thats what they're looking for) (2000 == answerbook that looks a bit better...) Here we go again!
-wire [**] [1:620:1] SCAN Proxy attempt [**] [Classification: Attempted Information Leak] [Priority: 2] 05/22-21:02:32.635898 xx.xx.xx.xx:1999 -> my.ip.ip.ip:8080 TCP TTL:108 TOS:0x0 ID:62984 IpLen:20 DgmLen:48 DF******S* Seq: 0x55563D20 Ack: 0x0 Win: 0x4000 TcpLen: 28
TCP Options (4) => MSS: 1460 NOP NOP SackOK [**] [1:618:1] INFO - Possible Squid Scan [**] [Classification: Attempted Information Leak] [Priority: 2] 05/22-21:02:32.636840 xx.xx.xx.xx:2000 -> my.ip.ip.ip:3128 TCP TTL:108 TOS:0x0 ID:62985 IpLen:20 DgmLen:48 DF******S* Seq: 0x5556CEA2 Ack: 0x0 Win: 0x4000 TcpLen: 28
TCP Options (4) => MSS: 1460 NOP NOP SackOK _____________________________ For the best comics, toys, movies, and more, please visit <http://www.tfaw.com/?qt=wmf> ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service.For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- Interesting scan to ports 1999-2000 wirepair (May 23)