Snort mailing list archives
Re: Portscans noted
From: Scott Fringer <fringsm () is2 hsnet ufl edu>
Date: Fri, 31 Jan 2003 07:54:54 -0500 (EST)
Gordon,

A good place to get a start on tracking down those various ports is:

http://andrew.triumf.ca/cgi-bin/port

Scott

Scott Fringer
Shands Healthcare @ U.F.
Network Systems Analyst
Gainesville, FL

On Fri, 31 Jan 2003, Gordon Cunningham wrote:

> This looks like a deliberate scan for specific vulnerabilities. Does anyone know what the various non-standard ports are they are scanning? Many are coming up unknown.
>
> 01/31-06:59:32.676595 TCP src: x.x.x.x dst: x.x.x.x sport: 1542 dport: 44134 tgts: 1 ports: 21 flags: *****R** event_id: 0
> 01/31-06:59:32.776614 TCP src: x.x.x.x dst: x.x.x.x sport: 865 dport: 43367 tgts: 1 ports: 22 flags: *****R** event_id: 237
> 01/31-06:59:32.976614 TCP src: x.x.x.x dst: x.x.x.x sport: 588 dport: 44137 tgts: 1 ports: 23 flags: *****R** event_id: 237
> 01/31-06:59:33.276653 TCP src: x.x.x.x dst: x.x.x.x sport: 369 dport: 44140 tgts: 1 ports: 24 flags: *****R** event_id: 237
> 01/31-06:59:33.476657 TCP src: x.x.x.x dst: x.x.x.x sport: 3456 dport: 44142 tgts: 1 ports: 25 flags: *****R** event_id: 237
> 01/31-06:59:33.576673 TCP src: x.x.x.x dst: x.x.x.x sport: 342 dport: 44143 tgts: 1 ports: 26 flags: *****R** event_id: 237
> 01/31-06:59:34.876790 TCP src: x.x.x.x dst: x.x.x.x sport: 1404 dport: 43900 tgts: 1 ports: 27 flags: *****R** event_id: 237
> 01/31-06:59:34.976852 TCP src: x.x.x.x dst: x.x.x.x sport: 7006 dport: 43901 tgts: 1 ports: 28 flags: *****R** event_id: 237
> 01/31-06:59:35.176828 TCP src: x.x.x.x dst: x.x.x.x sport: 981 dport: 43903 tgts: 1 ports: 29 flags: *****R** event_id: 237
> 01/31-06:59:35.276847 TCP src: x.x.x.x dst: x.x.x.x sport: 361 dport: 43904 tgts: 1 ports: 30 flags: *****R** event_id: 237
> 01/31-06:59:38.577182 TCP src: x.x.x.x dst: x.x.x.x sport: 22321 dport: 43937 tgts: 1 ports: 31 flags: *****R** event_id: 237
>
> - Gordon
>
> -------------------------------------------------------
> This SF.NET email is sponsored by:
> SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See!
> http://www.vasoftware.com
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
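For triaging entries like the ones quoted in this thread, the following parser pulls out the fields and lists the distinct ports and flag combinations so they can be looked up in one pass. It is an added example, not part of either post or of Snort; the field layout is assumed from the quoted log lines, and the function names `parse_entries` and `summarize` are hypothetical.

```python
import re
from collections import Counter

# Field layout as it appears in the log lines quoted in the post.
LINE_RE = re.compile(
    r"(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+(?P<proto>\S+)\s+"
    r"src:\s*(?P<src>\S+)\s+dst:\s*(?P<dst>\S+)\s+"
    r"sport:\s*(?P<sport>\d+)\s+dport:\s*(?P<dport>\d+)\s+"
    r"tgts:\s*(?P<tgts>\d+)\s+ports:\s*(?P<ports>\d+)\s+"
    r"flags:\s*(?P<flags>\S+)\s+event_id:\s*(?P<event_id>\d+)"
)

# Three entries copied from the post (addresses were already masked there).
SAMPLE = """\
01/31-06:59:32.676595 TCP src: x.x.x.x dst: x.x.x.x sport: 1542 dport: 44134 tgts: 1 ports: 21 flags: *****R** event_id: 0
01/31-06:59:32.776614 TCP src: x.x.x.x dst: x.x.x.x sport: 865 dport: 43367 tgts: 1 ports: 22 flags: *****R** event_id: 237
01/31-06:59:38.577182 TCP src: x.x.x.x dst: x.x.x.x sport: 22321 dport: 43937 tgts: 1 ports: 31 flags: *****R** event_id: 237
"""

def parse_entries(text):
    """Return one dict per log entry; works on wrapped or run-together text."""
    entries = []
    for m in LINE_RE.finditer(text):
        e = m.groupdict()
        for k in ("sport", "dport", "tgts", "ports", "event_id"):
            e[k] = int(e[k])
        entries.append(e)
    return entries

def summarize(entries):
    """Collapse entries into the facts needed for a port lookup."""
    return {
        "count": len(entries),
        "first": entries[0]["ts"] if entries else None,
        "last": entries[-1]["ts"] if entries else None,
        "flags": dict(Counter(e["flags"] for e in entries)),
        "sports": sorted({e["sport"] for e in entries}),
        "dports": sorted({e["dport"] for e in entries}),
        "max_ports": max((e["ports"] for e in entries), default=0),
    }

if __name__ == "__main__":
    for key, value in summarize(parse_entries(SAMPLE)).items():
        print(f"{key}: {value}")
```
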