Firewall hits/unknown ports

From: bonkat_private
Date: Sun Nov 04 2001 - 07:06:04 PST

    Anyone know what trojans/backdoors run on 22634, 24544 and 29319?
    Snort.org doesn't list these.
    
    80		24.23.170.219		http		Nov  4 03:56:14
    80		24.23.19.114		http		Nov  4 03:13:24
    80		24.23.170.219		http		Nov  4 02:57:32
    80		24.23.170.219		http		Nov  4 02:57:29
    80		24.23.170.219		http		Nov  4 02:44:27
    80		24.23.170.219		http		Nov  4 02:08:54
    80		24.23.170.219		http		Nov  4 02:08:51
    80		24.100.151.92		http		Nov  4 02:01:11
    80		24.100.151.92		http		Nov  4 02:01:08
    80		24.214.18.131		http		Nov  4 00:57:24
    80		67.164.189.42		http		Nov  4 00:16:15
    25		67.164.189.42		smtp		Nov  4 00:16:14
    110		67.164.189.42		pop3		Nov  4 00:16:14
    21		67.164.189.42		ftp 		Nov  4 00:16:13
    7		67.164.189.42		echo		Nov  4 00:16:13
    53		67.164.189.42		domain		Nov  4 00:16:09
    22634		24.254.60.19		unknown		Nov  3 23:49:26
    22634		24.254.60.19		unknown		Nov  3 23:48:26
    22634		24.254.60.19		unknown		Nov  3 23:47:26
    22634		24.254.60.19		unknown		Nov  3 23:46:26
    22634		24.254.60.19		unknown		Nov  3 23:45:26
    22634		24.254.60.19		unknown		Nov  3 23:44:26
    22634		24.254.60.19		unknown		Nov  3 23:43:26
    22634		24.254.60.19		unknown		Nov  3 23:42:26
    22634		24.254.60.19		unknown		Nov  3 23:41:53
    22634		24.254.60.19		unknown		Nov  3 23:41:36
    22634		24.254.60.19		unknown		Nov  3 23:41:28
    80		24.23.170.219		http		Nov  3 23:39:37
    80		24.51.8.166		http		Nov  3 22:57:26
    80		24.51.8.166		http		Nov  3 22:57:23
    80		24.23.170.219		http		Nov  3 22:47:18
    80		24.23.170.219		http		Nov  3 22:47:15
    21		80.11.127.241		ftp		Nov  3 22:39:47
    21		80.11.127.241		ftp		Nov  3 22:39:41
    80		24.23.19.114		http		Nov  3 22:29:26
    80		24.23.19.114		http		Nov  3 22:29:23
    80		24.23.170.219		http		Nov  3 22:13:45
    80		24.23.170.219		http		Nov  3 22:01:43
    80		24.23.170.219		http		Nov  3 22:01:40
    80		24.23.19.114		http		Nov  3 21:30:41
    80		24.23.19.114		http		Nov  3 21:30:38
    27374		24.19.71.108		Sub7		Nov  3 21:18:13
    27374		24.19.71.108		Sub7		Nov  3 21:18:01
    27374		24.19.71.108		Sub7		Nov  3 21:17:55
    27374		24.19.71.108		Sub7		Nov  3 21:17:52
    80		24.23.19.114		http		Nov  3 20:44:14
    80		24.23.19.114		http		Nov  3 20:44:11
    80		24.23.19.114		http		Nov  3 20:34:55
    80		24.23.19.114		http		Nov  3 20:34:52
    80		24.23.19.114		http		Nov  3 20:18:01
    80		24.23.19.114		http		Nov  3 20:17:58
    80		24.23.170.219		http		Nov  3 20:17:05
    80		24.23.170.219		http		Nov  3 20:10:24
    80		24.23.170.219		http		Nov  3 20:10:22
    34554		24.254.60.39		unknown		Nov  3 20:01:40
    80		24.23.170.219		http		Nov  3 20:01:04
    80		24.23.170.219		http		Nov  3 20:01:02
    34554		24.254.60.39		unknown		Nov  3 20:00:40
    34554		24.254.60.39		unknown		Nov  3 19:59:40
    34554		24.254.60.39		unknown		Nov  3 19:58:40
    34554		24.254.60.39		unknown		Nov  3 19:57:40
    34554		24.254.60.39		unknown		Nov  3 19:56:40
    34554		24.254.60.39		unknown		Nov  3 19:55:40
    34554		24.254.60.39		unknown		Nov  3 19:55:02
    34554		24.254.60.39		unknown		Nov  3 19:54:43
    34554		24.254.60.39		unknown		Nov  3 19:54:33
    53		202.138.113.150		domain		Nov  3 19:54:12
    53		202.138.113.150		domain		Nov  3 19:54:06
    53		202.138.113.150		domain		Nov  3 19:54:03
    27374		24.156.37.3		Sub7		Nov  3 19:42:12
    27374		24.156.37.3		Sub7		Nov  3 19:42:06
    27374		24.156.37.3		Sub7		Nov  3 19:42:02
    80		24.23.19.114		http		Nov  3 19:23:08
    80		24.23.19.114		http		Nov  3 19:23:05
    111		211.112.143.2		sunrpc		Nov  3 19:22:33
    80		24.23.19.114		http		Nov  3 19:21:11
    80		24.23.19.114		http		Nov  3 19:21:07
    80		24.23.19.114		http		Nov  3 19:11:52
    80		24.23.19.114		http		Nov  3 19:11:49
    80		24.16.82.182		http		Nov  3 16:25:40
    80		24.16.82.182		http		Nov  3 16:25:37
    80		24.12.210.113		http		Nov  3 15:50:57
    80		24.12.210.113		http		Nov  3 15:50:54
    29319		24.254.60.33		unknown		Nov  3 10:13:09
    29319		24.254.60.33		unknown		Nov  3 10:12:09
    29319		24.254.60.33		unknown		Nov  3 10:11:09
    29319		24.254.60.33		unknown		Nov  3 10:10:09
    29319		24.254.60.33		unknown		Nov  3 10:09:09
    29319		24.254.60.33		unknown		Nov  3 10:08:09
    29319		24.254.60.33		unknown		Nov  3 10:07:09
    29319		24.254.60.33		unknown		Nov  3 10:06:33
    29319		24.254.60.33		unknown		Nov  3 10:06:15
    29319		24.254.60.33		unknown		Nov  3 10:06:06
    80		213.96.11.21		http		Nov  3 09:52:33
    515		157.238.46.30		printer		Nov  3 08:15:20
    515		157.238.46.30		printer		Nov  3 08:15:17
    111		211.100.18.45		sunrpc		Nov  3 07:54:16
    111		211.100.18.45		sunrpc		Nov  3 07:54:13
    80		24.234.87.155		http		Nov  3 06:15:40
    80		24.234.87.155		http		Nov  3 06:15:37
    
    
    
    
    Bonk
    Bonkat_private
    
    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see: http://aris.securityfocus.com
    



    This archive was generated by hypermail 2b30 : Sun Nov 04 2001 - 17:40:57 PST