6112/TCP scans

From: Paul Dokas (dokasat_private)
Date: Fri Dec 07 2001 - 13:14:16 PST

Next message: Patrick Patterson: "Re: Port 113 requests?"

Previous message: Valdis.Kletnieksat_private: "Re: Port 113 requests?"
Next in thread: dewt: "Re: 6112/TCP scans"
Reply: dewt: "Re: 6112/TCP scans"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Is anyone else seeing large numbers of 6112/TCP scan coming from
63.240.0.0 - 63.242.255.255?  I'm seeing about 10/minute destined to
random IPs within my networks.  The scanning technique looks exactly
like the TCPMUX scans that were occuring a few months ago (forgive me,
I can't remember what the technique was, just that it was really odd).

Obviously, they're looking for vulnerable CDE installations.

Paul
-- 
Paul Dokas                                            dokasat_private
======================================================================
Don Juan Matus:  "an enigma wrapped in mystery wrapped in a tortilla."

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Next message: Patrick Patterson: "Re: Port 113 requests?"
Previous message: Valdis.Kletnieksat_private: "Re: Port 113 requests?"
Next in thread: dewt: "Re: 6112/TCP scans"
Reply: dewt: "Re: 6112/TCP scans"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Dec 07 2001 - 14:19:35 PST