Guess the tool...

From: Portnoy, Gary (gportnoyat_private)
Date: Tue Sep 11 2001 - 05:47:07 PDT

    Greetings,
    
    Can anyone tell me which Windows tool is used to scan for ports 139, 12345,
    and 27374? (Example below.) This occurs often enough that it makes me think
    that it's a tool; I just can't find any mention of it anywhere...
    
    08/20-23:43:31.292516 0:2:4B:BC:B9:E0 -> 8:0:20:B8:F2:36 type:0x800 len:0x3E
    209.69.154.168:3204 -> MY.NET.165.25:27374 TCP TTL:110 TOS:0x0 ID:21844
    IpLen:20 DgmLen:48 DF
    ******S* Seq: 0x76F6E7F  Ack: 0x0  Win: 0x4000  TcpLen: 28
    TCP Options (4) => MSS: 1460 NOP NOP SackOK 
    
    =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
    
    08/20-23:43:31.292892 0:2:4B:BC:B9:E0 -> 8:0:20:B8:F2:36 type:0x800 len:0x3E
    209.69.154.168:3205 -> MY.NET.165.25:12345 TCP TTL:110 TOS:0x0 ID:21845
    IpLen:20 DgmLen:48 DF
    ******S* Seq: 0x77050F0  Ack: 0x0  Win: 0x4000  TcpLen: 28
    TCP Options (4) => MSS: 1460 NOP NOP SackOK 
    
    =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
    
    08/20-23:43:31.297448 0:2:4B:BC:B9:E0 -> 8:0:20:B8:F2:36 type:0x800 len:0x3E
    209.69.154.168:3209 -> MY.NET.165.25:139 TCP TTL:110 TOS:0x0 ID:21846
    IpLen:20 DgmLen:48 DF
    ******S* Seq: 0x7713088  Ack: 0x0  Win: 0x4000  TcpLen: 28
    TCP Options (4) => MSS: 1460 NOP NOP SackOK 
    
    =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
    
    08/20-23:43:34.262887 0:2:4B:BC:B9:E0 -> 8:0:20:B8:F2:36 type:0x800 len:0x3E
    209.69.154.168:3209 -> MY.NET.165.25:139 TCP TTL:110 TOS:0x0 ID:23258
    IpLen:20 DgmLen:48 DF
    ******S* Seq: 0x7713088  Ack: 0x0  Win: 0x4000  TcpLen: 28
    TCP Options (4) => MSS: 1460 NOP NOP SackOK 
    
    =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
    
    08/20-23:43:34.302197 0:2:4B:BC:B9:E0 -> 8:0:20:B8:F2:36 type:0x800 len:0x3E
    209.69.154.168:3204 -> MY.NET.165.25:27374 TCP TTL:110 TOS:0x0 ID:23289
    IpLen:20 DgmLen:48 DF
    ******S* Seq: 0x76F6E7F  Ack: 0x0  Win: 0x4000  TcpLen: 28
    TCP Options (4) => MSS: 1460 NOP NOP SackOK 
    
    =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
    
    08/20-23:44:06.193115 0:2:4B:BC:B9:E0 -> 8:0:20:B8:F2:36 type:0x800 len:0x3E
    209.69.154.168:3209 -> MY.NET.165.25:139 TCP TTL:110 TOS:0x0 ID:26960
    IpLen:20 DgmLen:48 DF
    ******S* Seq: 0x7713088  Ack: 0x0  Win: 0x4000  TcpLen: 28
    TCP Options (4) => MSS: 1460 NOP NOP SackOK 
    
    =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
    
    08/20-23:44:06.340679 0:2:4B:BC:B9:E0 -> 8:0:20:B8:F2:36 type:0x800 len:0x3E
    209.69.154.168:3205 -> MY.NET.165.25:12345 TCP TTL:110 TOS:0x0 ID:26997
    IpLen:20 DgmLen:48 DF
    ******S* Seq: 0x77050F0  Ack: 0x0  Win: 0x4000  TcpLen: 28
    TCP Options (4) => MSS: 1460 NOP NOP SackOK 
    
    =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
    
    08/20-23:44:06.388758 0:2:4B:BC:B9:E0 -> 8:0:20:B8:F2:36 type:0x800 len:0x3E
    209.69.154.168:3204 -> MY.NET.165.25:27374 TCP TTL:110 TOS:0x0 ID:27009
    IpLen:20 DgmLen:48 DF
    ******S* Seq: 0x76F6E7F  Ack: 0x0  Win: 0x4000  TcpLen: 28
    TCP Options (4) => MSS: 1460 NOP NOP SackOK 
    
    =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
    
    Gary Portnoy
    Network Administrator
    gportnoyat_private
    
    PGP Fingerprint: 9D69 6A39 642D 78FD 207C  307D B37D E01A 2E89 9D2C
    
    
    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see: http://aris.securityfocus.com
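
An added example, not part of the original post: a small parser for the Snort dump layout shown above that groups bare SYNs by source and separates distinct connection attempts from repeats of the same SYN (same source port and sequence number). The sample addresses, MACs and the helper names `summarize` and `make_packet` are constructed for illustration.

```python
import re
from collections import defaultdict

# "src:sport -> dst:dport TCP TTL:n" line of a Snort packet dump
HDR = re.compile(r"^\s*(\S+):(\d+) -> (\S+):(\d+) TCP TTL:\d+")
# TCP flags line: eight flag positions, then the sequence number
FLG = re.compile(r"^\s*([*A-Z12]{8}) Seq: (0x[0-9A-Fa-f]+)")

def summarize(dump):
    """Per source: ports probed, distinct SYN attempts, retransmitted SYNs."""
    seen = defaultdict(set)      # src -> {(sport, dport, seq)}
    retrans = defaultdict(int)   # src -> count of repeated SYNs
    hdr = None
    for line in dump.splitlines():
        m = HDR.match(line)
        if m:
            hdr = m.groups()
            continue
        m = FLG.match(line)
        if not (m and hdr):
            continue
        (src, sport, _dst, dport), hdr = hdr, None
        flags, seq = m.groups()
        if flags != "******S*":  # count bare SYNs only
            continue
        key = (int(sport), int(dport), int(seq, 16))
        if key in seen[src]:
            retrans[src] += 1    # same socket and sequence number: a retry
        else:
            seen[src].add(key)
    return {src: {"ports": sorted({k[1] for k in keys}),
                  "attempts": len(keys), "retransmits": retrans[src]}
            for src, keys in seen.items()}

def make_packet(ts, sport, dport, seq):
    """Constructed packet in the dump layout shown in the post."""
    return (f"08/20-{ts} 0:0:0:0:0:1 -> 0:0:0:0:0:2 type:0x800 len:0x3E\n"
            f"198.51.100.7:{sport} -> 192.0.2.25:{dport} TCP TTL:110 TOS:0x0 ID:1\n"
            "IpLen:20 DgmLen:48 DF\n"
            f"******S* Seq: {seq}  Ack: 0x0  Win: 0x4000  TcpLen: 28\n"
            "TCP Options (4) => MSS: 1460 NOP NOP SackOK\n\n")

# Constructed sample with the same shape as the post: 3 ports, 8 SYNs
PROBES = [(3204, 27374, "0x76F6E7F"), (3205, 12345, "0x77050F0"),
          (3209, 139, "0x7713088")]
SAMPLE = "".join(make_packet(ts, *PROBES[i]) for ts, i in [
    ("23:43:31.29", 0), ("23:43:31.29", 1), ("23:43:31.29", 2),
    ("23:43:34.26", 2), ("23:43:34.30", 0), ("23:44:06.19", 2),
    ("23:44:06.34", 1), ("23:44:06.38", 0)])

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

On a sample shaped like the eight packets in the post, this reports three attempts to three ports and five repeats, so the fingerprint to match on is the port set per source rather than the raw packet count.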
    



    This archive was generated by hypermail 2b30 : Tue Sep 11 2001 - 08:47:37 PDT