Security Incidents mailing list archives

Interesting scan to ports 1999-2000


From: "wirepair" <wirepair () roguemail net>
Date: Thu, 23 May 2002 03:46:33 -0700

Anyone else see this scan come across? It came from a .kr (big surprise, I know). Did a quick search and apparently someone's seen it before; is this something we should be concerned about? (1999 == Cisco, I don't think that's what they're looking for) (2000 == AnswerBook, that looks a bit better...) Here we go again!
-wire
[**] [1:620:1] SCAN Proxy attempt [**]
[Classification: Attempted Information Leak] [Priority: 2]
05/22-21:02:32.635898 xx.xx.xx.xx:1999 -> my.ip.ip.ip:8080
TCP TTL:108 TOS:0x0 ID:62984 IpLen:20 DgmLen:48 DF
******S* Seq: 0x55563D20 Ack: 0x0 Win: 0x4000 TcpLen: 28
TCP Options (4) => MSS: 1460 NOP NOP SackOK

[**] [1:618:1] INFO - Possible Squid Scan [**]
[Classification: Attempted Information Leak] [Priority: 2]
05/22-21:02:32.636840 xx.xx.xx.xx:2000 -> my.ip.ip.ip:3128
TCP TTL:108 TOS:0x0 ID:62985 IpLen:20 DgmLen:48 DF
******S* Seq: 0x5556CEA2 Ack: 0x0 Win: 0x4000 TcpLen: 28
TCP Options (4) => MSS: 1460 NOP NOP SackOK
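
Added example, not part of the original post: a short Python parser for the Snort alert text quoted above that groups alerts by source and reports source ports, destination ports, IP IDs and TTLs, so separate alerts can be checked for belonging to one probe. The function names and dictionary layout are assumptions made for this illustration; the sample input is the two alerts as posted.

```python
import re
from collections import defaultdict

# The two alerts exactly as posted (addresses were redacted by the poster).
ALERTS = """\
[**] [1:620:1] SCAN Proxy attempt [**]
[Classification: Attempted Information Leak] [Priority: 2]
05/22-21:02:32.635898 xx.xx.xx.xx:1999 -> my.ip.ip.ip:8080
TCP TTL:108 TOS:0x0 ID:62984 IpLen:20 DgmLen:48 DF
******S* Seq: 0x55563D20 Ack: 0x0 Win: 0x4000 TcpLen: 28
TCP Options (4) => MSS: 1460 NOP NOP SackOK

[**] [1:618:1] INFO - Possible Squid Scan [**]
[Classification: Attempted Information Leak] [Priority: 2]
05/22-21:02:32.636840 xx.xx.xx.xx:2000 -> my.ip.ip.ip:3128
TCP TTL:108 TOS:0x0 ID:62985 IpLen:20 DgmLen:48 DF
******S* Seq: 0x5556CEA2 Ack: 0x0 Win: 0x4000 TcpLen: 28
TCP Options (4) => MSS: 1460 NOP NOP SackOK
"""

HEADER = re.compile(r"\[\*\*\] \[(\d+):(\d+):(\d+)\] (.+?) \[\*\*\]")  # gid:sid:rev msg
FLOW = re.compile(r"^\S+ (\S+):(\d+) -> (\S+):(\d+)$", re.M)  # time src:port -> dst:port
IPHDR = re.compile(r"TTL:(\d+) .*?ID:(\d+)")

def parse_alerts(text):
    """Split blank-line separated alerts and pull out the fields used below."""
    events = []
    for block in re.split(r"\n\s*\n", text.strip()):
        h, f, ip = HEADER.search(block), FLOW.search(block), IPHDR.search(block)
        if not (h and f and ip):
            continue  # not a complete alert block
        events.append({"sid": int(h.group(2)), "msg": h.group(4),
                       "src": f.group(1), "sport": int(f.group(2)), "dport": int(f.group(4)),
                       "ttl": int(ip.group(1)), "ipid": int(ip.group(2)),
                       "syn_only": "******S*" in block})  # flag string with only S set
    return events

def summarize(events):
    """Per source: ports touched, and whether source ports and IP IDs step by one."""
    by_src = defaultdict(list)
    for e in events:
        by_src[e["src"]].append(e)
    out = {}
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e["ipid"])
        step = lambda k: all(b[k] - a[k] == 1 for a, b in zip(evs, evs[1:]))
        out[src] = {"dports": sorted(e["dport"] for e in evs), "sports": [e["sport"] for e in evs],
                    "consecutive_sports": step("sport"), "consecutive_ipids": step("ipid"),
                    "ttls": sorted({e["ttl"] for e in evs}), "all_syn": all(e["syn_only"] for e in evs)}
    return out
```

Run over the posted alerts, `summarize(parse_alerts(ALERTS))` shows one source sending SYN-only packets with a single TTL, consecutive IP IDs and consecutive source ports 1999 and 2000 to destination ports 8080 and 3128.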