Re: Weird DNS scans

From: Richard Smith (eno_manat_private)
Date: Fri Oct 05 2001 - 09:13:49 PDT

  • Next message: leon: "new pop3 exploit out?"

    Can you post a sanitized dump of the scan? Are the
    source ports incrementing by one and scanning port 53?
    This is a common trait of BigIP it gathers RTT and
    other stats so that it can properly route you to the
    least loaded server via local load-balancing. 
    
    The only concern I might have is the fact that IRC is
    reported as listening on port 6667. It could be a
    compromised host. BigIP uses a modified version of
    FreeBSD. I don't remember it using this port, but I
    could be wrong.
    
    R/
    
    Richard Smith
    
    __________________________________________________
    Do You Yahoo!?
    NEW from Yahoo! GeoCities - quick and easy web site hosting, just $8.95/month.
    http://geocities.yahoo.com/ps/info1
    
    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see: http://aris.securityfocus.com
    



    This archive was generated by hypermail 2b30 : Fri Oct 05 2001 - 09:51:11 PDT