Hey there, I had the same thing going on here yesterday and the day before. I did some poking around and found out that the Lion worm spawns a rootshell on 10008...maybe we're seeing a new automated search for compromised machines? At 11:10 AM +0200 5/15/01, Joerg Weber wrote: >Hello everyone, > >my FW-Logs went insane last night with gazillions of connection attempts to >port 10008. >FW-1 does unfortunately not log dropped packets, so I've no idea about flags >et al, but the scan looks like this: >SourcePort = Increases with each scan >DestPort = 10008 > >This looks like an automated tool to me, as the whole scan took about a >second or two. >Any ideas? > >Thanks, > >Joerg -- -------------------------------------------------------------------- Tracey Losco Network Services securityat_private Information Technology Services http://www.nyu.edu/its/security New York University (212) 998 - 3433 PGP Fingerprint: 8FFB FE47 6156 7BF0 B19E 462B 9DFE 51F5
This archive was generated by hypermail 2b30 : Tue May 15 2001 - 09:44:00 PDT