Surge of attacks on ports 61127 & 61134

From: Joseph (josephat_private)
Date: Thu Jul 25 2002 - 11:55:33 PDT

Next message: Sebastian: "Re: Bind 9.2.X exploit???"

Previous message: SilentCreek: "Re: Anyone know this rootkit (rootkits?)"
In reply to: David Conrad: "Re: Bind 9.2.X exploit???"
Next in thread: Joseph: "Re: Surge of attacks on ports 61127 & 61134"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This morning my logs showed me a surge of new UDP packets attacks, mainly 
to ports 61127 & 61134 . I can't find any info on this, so I'm wondering 
what it can be.

It seems very well known, if I can say, because source IPs are from 
everywhere, I must have gotten a good 50-80 probes. 

I see alot different *dip.t-dialin.net  orgin sources, which 
*dip.t-dialin.net seems to make the top 10 attack list at dshield and 
incidents' website.

Curious, new virus? or attack tool? 

I don't have a log of the packet, justs its denial attempt. Normally, all 
my attacks are standard stuff, this pops out like really new...




----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Next message: Sebastian: "Re: Bind 9.2.X exploit???"
Previous message: SilentCreek: "Re: Anyone know this rootkit (rootkits?)"
In reply to: David Conrad: "Re: Bind 9.2.X exploit???"
Next in thread: Joseph: "Re: Surge of attacks on ports 61127 & 61134"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Thu Jul 25 2002 - 11:31:12 PDT