I'm seeing more and more probes for ports 1800 and 1945, with many such probes being sourced from well known commonly open port numbesr (ie, 23, 6667). These probes are now easily outnumbering even the imap probes. Today alone I've seen a large number of probes from at least 4 unique IP addresses. Anyone have any leads on what they are looking for? I could not find anything in bugtraq, rootshell, etc. (IP addresses changed to protect the identities of the recipient) Subject: fw1 (Gauntlet 4.0) frequent check output Security Alerts --------------- Dec 20 17:35:44 fw1.________.com unix: securityalert: no match found in forward screen: TCP if=le0 srcaddr=__.(uunet dialup).__ srcport=6667 dstaddr=__.__.__.__ dstport=1945 Dec 20 17:40:04 fw1.________.com unix: securityalert: no match found in forward screen: TCP if=le0 srcaddr=__.(uunet dialup).__ srcport=6667 dstaddr=__.__.__.__ dstport=1800 Jason Fesler <jfeslerat_private> |".. and ten thousand noblemen squatted and Good, Fast, Cheap - | strained, for the King's word, was law." Pick any two. | - SCA Folklore
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:42:42 PDT