TCP probe on port 35540 from port 1

From: Paul Gear (paulgearat_private)
Date: Wed Jul 25 2001 - 14:22:50 PDT

  • Next message: Jon Zobrist: "Re: IIS Directory traversal vulnerability"

    Anyone seen a probe like this lately?
    
    Jul 23 11:45:53 ### kernel: Packet log: input DENY ppp0 PROTO=6
    172.185.150.94:1 ###:35540 L=40 S=0x00
    I=2815 F=0x0000 T=35 (#66)
    
    This was the only packet of its type, and there didn't seem to be
    anything else happening at the time.  The source address looks up to
    ACB9965E.ipt.aol.com.
    
    As there is no SYN flag, it seems this is from some sort of
    cracking/security tool, but i'm not sure what.  The source port of
    tcpmux is curious.
    
    Paul
    http://paulgear.webhop.net
    
    
    
    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see: http://aris.securityfocus.com
    



    This archive was generated by hypermail 2b30 : Wed Jul 25 2001 - 15:32:54 PDT