Greetings, Can anyone tell me which Windows tool is used to scan for ports 139, 12345, and 27374. (Example below) This occurs often enough that it makes me think that it's a tool, I just can't find any mention of it anywhere... 08/20-23:43:31.292516 0:2:4B:BC:B9:E0 -> 8:0:20:B8:F2:36 type:0x800 len:0x3E 209.69.154.168:3204 -> MY.NET.165.25:27374 TCP TTL:110 TOS:0x0 ID:21844 IpLen:20 DgmLen:48 DF ******S* Seq: 0x76F6E7F Ack: 0x0 Win: 0x4000 TcpLen: 28 TCP Options (4) => MSS: 1460 NOP NOP SackOK =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 08/20-23:43:31.292892 0:2:4B:BC:B9:E0 -> 8:0:20:B8:F2:36 type:0x800 len:0x3E 209.69.154.168:3205 -> MY.NET.165.25:12345 TCP TTL:110 TOS:0x0 ID:21845 IpLen:20 DgmLen:48 DF ******S* Seq: 0x77050F0 Ack: 0x0 Win: 0x4000 TcpLen: 28 TCP Options (4) => MSS: 1460 NOP NOP SackOK =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 08/20-23:43:31.297448 0:2:4B:BC:B9:E0 -> 8:0:20:B8:F2:36 type:0x800 len:0x3E 209.69.154.168:3209 -> MY.NET.165.25:139 TCP TTL:110 TOS:0x0 ID:21846 IpLen:20 DgmLen:48 DF ******S* Seq: 0x7713088 Ack: 0x0 Win: 0x4000 TcpLen: 28 TCP Options (4) => MSS: 1460 NOP NOP SackOK =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 08/20-23:43:34.262887 0:2:4B:BC:B9:E0 -> 8:0:20:B8:F2:36 type:0x800 len:0x3E 209.69.154.168:3209 -> MY.NET.165.25:139 TCP TTL:110 TOS:0x0 ID:23258 IpLen:20 DgmLen:48 DF ******S* Seq: 0x7713088 Ack: 0x0 Win: 0x4000 TcpLen: 28 TCP Options (4) => MSS: 1460 NOP NOP SackOK =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 08/20-23:43:34.302197 0:2:4B:BC:B9:E0 -> 8:0:20:B8:F2:36 type:0x800 len:0x3E 209.69.154.168:3204 -> MY.NET.165.25:27374 TCP TTL:110 TOS:0x0 ID:23289 IpLen:20 DgmLen:48 DF ******S* Seq: 0x76F6E7F Ack: 0x0 Win: 0x4000 TcpLen: 28 TCP Options (4) => MSS: 1460 NOP NOP SackOK =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 08/20-23:44:06.193115 0:2:4B:BC:B9:E0 -> 8:0:20:B8:F2:36 type:0x800 len:0x3E 209.69.154.168:3209 -> MY.NET.165.25:139 TCP TTL:110 TOS:0x0 ID:26960 IpLen:20 DgmLen:48 DF ******S* Seq: 0x7713088 Ack: 0x0 Win: 0x4000 TcpLen: 28 TCP Options (4) => MSS: 1460 NOP NOP SackOK =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 08/20-23:44:06.340679 0:2:4B:BC:B9:E0 -> 8:0:20:B8:F2:36 type:0x800 len:0x3E 209.69.154.168:3205 -> MY.NET.165.25:12345 TCP TTL:110 TOS:0x0 ID:26997 IpLen:20 DgmLen:48 DF ******S* Seq: 0x77050F0 Ack: 0x0 Win: 0x4000 TcpLen: 28 TCP Options (4) => MSS: 1460 NOP NOP SackOK =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 08/20-23:44:06.388758 0:2:4B:BC:B9:E0 -> 8:0:20:B8:F2:36 type:0x800 len:0x3E 209.69.154.168:3204 -> MY.NET.165.25:27374 TCP TTL:110 TOS:0x0 ID:27009 IpLen:20 DgmLen:48 DF ******S* Seq: 0x76F6E7F Ack: 0x0 Win: 0x4000 TcpLen: 28 TCP Options (4) => MSS: 1460 NOP NOP SackOK =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ Gary Portnoy Network Administrator gportnoyat_private PGP Fingerprint: 9D69 6A39 642D 78FD 207C 307D B37D E01A 2E89 9D2C ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Tue Sep 11 2001 - 08:47:37 PDT