What's going on here?

From: Jackie (JackieJat_private)
Date: Fri Aug 23 2002 - 16:57:28 PDT

Next message: Netw3 Security Research: "TCP 6129 - Dameware, TCP 17890 IIS.EXE, SVR1984.exe - Team Liquid"

Previous message: Skip Carter: "Re: looking for what? portscan 15000/tcp"
Next in thread: NESTING, DAVID M (SBCSI): "RE: What's going on here?"
Reply: NESTING, DAVID M (SBCSI): "RE: What's going on here?"
Reply: Yonatan Bokovza: "RE: What's going on here?"
Reply: wykkydat_private: "Re: What's going on here?"
Reply: wykkydat_private: "Re: What's going on here?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

ZoneAlarm reported this burst, all from port 80 on a reserved IP
block. What the honk's going on?


FWIN,2002/08/23,18:47:42 -4:00 GMT,10.60.1.102:80,xxx.xx.96.7:9176,TCP (flags:S)
FWIN,2002/08/23,18:47:42 -4:00 GMT,10.10.2.105:80,xxx.xx.96.7:13682,TCP (flags:S)
FWIN,2002/08/23,18:47:42 -4:00 GMT,10.10.2.103:80,xxx.xx.96.7:12156,TCP (flags:S)
FWIN,2002/08/23,18:47:44 -4:00 GMT,10.10.2.109:80,xxx.xx.96.7:28165,TCP (flags:S)
FWIN,2002/08/23,18:47:44 -4:00 GMT,10.60.1.103:80,xxx.xx.96.7:13290,TCP (flags:S)
FWIN,2002/08/23,18:47:46 -4:00 GMT,10.10.2.110:80,xxx.xx.96.7:64194,TCP (flags:S)
FWIN,2002/08/23,18:47:46 -4:00 GMT,10.10.2.103:80,xxx.xx.96.7:13928,TCP (flags:S)
FWIN,2002/08/23,18:47:56 -4:00 GMT,10.60.1.102:80,xxx.xx.96.7:6601,TCP (flags:S)
FWIN,2002/08/23,18:47:56 -4:00 GMT,10.60.1.102:80,xxx.xx.96.7:9176,TCP (flags:S)
FWIN,2002/08/23,18:47:58 -4:00 GMT,10.10.2.105:80,xxx.xx.96.7:16797,TCP (flags:S)
FWIN,2002/08/23,18:47:58 -4:00 GMT,10.10.2.107:80,xxx.xx.96.7:5692,TCP (flags:S)
FWIN,2002/08/23,18:48:00 -4:00 GMT,10.60.1.103:80,xxx.xx.96.7:13290,TCP (flags:S)
FWIN,2002/08/23,18:48:00 -4:00 GMT,10.10.2.109:80,xxx.xx.96.7:48388,TCP (flags:S)
FWIN,2002/08/23,18:48:02 -4:00 GMT,10.10.2.104:80,xxx.xx.96.7:12516,TCP (flags:S)
FWIN,2002/08/23,18:48:02 -4:00 GMT,10.60.1.102:80,xxx.xx.96.7:61199,TCP (flags:S)
FWIN,2002/08/23,18:48:02 -4:00 GMT,10.60.1.102:80,xxx.xx.96.7:52484,TCP (flags:S)
FWIN,2002/08/23,18:48:14 -4:00 GMT,10.60.1.102:80,xxx.xx.96.7:6601,TCP (flags:S)
FWIN,2002/08/23,18:48:16 -4:00 GMT,10.60.1.102:80,xxx.xx.96.7:9176,TCP (flags:S)
FWIN,2002/08/23,18:48:16 -4:00 GMT,10.10.2.104:80,xxx.xx.96.7:44131,TCP (flags:S)
FWIN,2002/08/23,18:48:20 -4:00 GMT,10.10.2.105:80,xxx.xx.96.7:13682,TCP (flags:S)
FWIN,2002/08/23,18:48:20 -4:00 GMT,10.10.2.103:80,xxx.xx.96.7:12156,TCP (flags:S)
FWIN,2002/08/23,18:48:22 -4:00 GMT,10.60.1.102:80,xxx.xx.96.7:33730,TCP (flags:S)
FWIN,2002/08/23,18:48:22 -4:00 GMT,10.60.1.102:80,xxx.xx.96.7:61199,TCP (flags:S)
FWIN,2002/08/23,18:48:24 -4:00 GMT,10.60.1.102:80,xxx.xx.96.7:52484,TCP (flags:S)
FWIN,2002/08/23,18:48:26 -4:00 GMT,10.10.2.110:80,xxx.xx.96.7:64194,TCP (flags:S)
FWIN,2002/08/23,18:48:26 -4:00 GMT,10.10.2.103:80,xxx.xx.96.7:13928,TCP (flags:S)
FWIN,2002/08/23,18:48:26 -4:00 GMT,10.10.2.105:80,xxx.xx.96.7:16797,TCP (flags:S)
FWIN,2002/08/23,18:48:26 -4:00 GMT,10.10.2.107:80,xxx.xx.96.7:5692,TCP (flags:S)
FWIN,2002/08/23,18:48:28 -4:00 GMT,10.60.1.102:80,xxx.xx.96.7:6601,TCP (flags:S)
FWIN,2002/08/23,18:48:28 -4:00 GMT,10.60.1.102:80,xxx.xx.96.7:9176,TCP (flags:S)
FWIN,2002/08/23,18:48:28 -4:00 GMT,10.10.2.109:80,xxx.xx.96.7:48388,TCP (flags:S)
FWIN,2002/08/23,18:48:28 -4:00 GMT,10.10.2.104:80,xxx.xx.96.7:12516,TCP (flags:S)
FWIN,2002/08/23,18:48:30 -4:00 GMT,10.10.2.109:80,xxx.xx.96.7:44131,TCP (flags:S)
FWIN,2002/08/23,18:48:32 -4:00 GMT,10.60.1.103:80,xxx.xx.96.7:13290,TCP (flags:S)
FWIN,2002/08/23,18:48:32 -4:00 GMT,10.60.1.102:80,xxx.xx.96.7:33730,TCP (flags:S)
FWIN,2002/08/23,18:48:32 -4:00 GMT,10.60.1.102:80,xxx.xx.96.7:61199,TCP (flags:S)
FWIN,2002/08/23,18:48:34 -4:00 GMT,10.10.2.112:80,xxx.xx.96.7:59112,TCP (flags:S)
FWIN,2002/08/23,18:48:44 -4:00 GMT,10.10.2.104:80,xxx.xx.96.7:44131,TCP (flags:S)
FWIN,2002/08/23,18:48:48 -4:00 GMT,10.10.2.103:80,xxx.xx.96.7:53605,TCP (flags:S)
FWIN,2002/08/23,18:49:06 -4:00 GMT,10.10.2.104:80,xxx.xx.96.7:44517,TCP (flags:S)
FWIN,2002/08/23,18:49:10 -4:00 GMT,10.10.2.105:80,xxx.xx.96.7:13682,TCP (flags:S)
FWIN,2002/08/23,18:49:12 -4:00 GMT,10.10.2.103:80,xxx.xx.96.7:12156,TCP (flags:S)
FWIN,2002/08/23,18:49:12 -4:00 GMT,10.10.2.109:80,xxx.xx.96.7:28165,TCP (flags:S)
FWIN,2002/08/23,18:49:14 -4:00 GMT,10.10.2.110:80,xxx.xx.96.7:64194,TCP (flags:S)
FWIN,2002/08/23,18:49:14 -4:00 GMT,10.10.2.103:80,xxx.xx.96.7:13928,TCP (flags:S)
FWIN,2002/08/23,18:49:16 -4:00 GMT,10.10.2.105:80,xxx.xx.96.7:16797,TCP (flags:S)
FWIN,2002/08/23,18:49:16 -4:00 GMT,10.10.2.107:80,xxx.xx.96.7:5692,TCP (flags:S)
FWIN,2002/08/23,18:49:16 -4:00 GMT,10.10.2.103:80,xxx.xx.96.7:53605,TCP (flags:S)
FWIN,2002/08/23,18:49:18 -4:00 GMT,10.10.2.109:80,xxx.xx.96.7:48388,TCP (flags:S)
FWIN,2002/08/23,18:49:18 -4:00 GMT,10.10.2.104:80,xxx.xx.96.7:12516,TCP (flags:S)
FWIN,2002/08/23,18:49:18 -4:00 GMT,10.10.2.109:80,xxx.xx.96.7:44131,TCP (flags:S)
FWIN,2002/08/23,18:49:30 -4:00 GMT,10.10.2.105:80,xxx.xx.96.7:24023,TCP (flags:S)
FWIN,2002/08/23,18:49:32 -4:00 GMT,10.10.2.112:80,xxx.xx.96.7:59112,TCP (flags:S)
FWIN,2002/08/23,18:49:34 -4:00 GMT,10.10.2.104:80,xxx.xx.96.7:44131,TCP (flags:S)
FWIN,2002/08/23,18:49:36 -4:00 GMT,10.10.2.104:80,xxx.xx.96.7:44517,TCP (flags:S)
FWIN,2002/08/23,18:49:38 -4:00 GMT,10.10.2.111:80,xxx.xx.96.7:34705,TCP (flags:S)
FWIN,2002/08/23,18:49:38 -4:00 GMT,10.10.2.103:80,xxx.xx.96.7:52067,TCP (flags:S)
FWIN,2002/08/23,18:50:00 -4:00 GMT,10.10.2.105:80,xxx.xx.96.7:24023,TCP (flags:S)
FWIN,2002/08/23,18:50:10 -4:00 GMT,10.10.2.105:80,xxx.xx.96.7:13682,TCP (flags:S)
FWIN,2002/08/23,18:50:10 -4:00 GMT,10.10.2.103:80,xxx.xx.96.7:12156,TCP (flags:S)
FWIN,2002/08/23,18:50:14 -4:00 GMT,10.10.2.110:80,xxx.xx.96.7:64194,TCP (flags:S)
FWIN,2002/08/23,18:50:14 -4:00 GMT,10.10.2.103:80,xxx.xx.96.7:13928,TCP (flags:S)
FWIN,2002/08/23,18:50:14 -4:00 GMT,10.10.2.105:80,xxx.xx.96.7:16797,TCP (flags:S)
FWIN,2002/08/23,18:50:16 -4:00 GMT,10.10.2.107:80,xxx.xx.96.7:5692,TCP (flags:S)
FWIN,2002/08/23,18:50:16 -4:00 GMT,10.10.2.103:80,xxx.xx.96.7:53605,TCP (flags:S)
FWIN,2002/08/23,18:50:16 -4:00 GMT,10.10.2.104:80,xxx.xx.96.7:53605,TCP (flags:S)
FWIN,2002/08/23,18:50:18 -4:00 GMT,10.10.2.109:80,xxx.xx.96.7:48388,TCP (flags:S)
FWIN,2002/08/23,18:50:18 -4:00 GMT,10.10.2.104:80,xxx.xx.96.7:12516,TCP (flags:S)
FWIN,2002/08/23,18:50:18 -4:00 GMT,10.10.2.109:80,xxx.xx.96.7:44131,TCP (flags:S)
FWIN,2002/08/23,18:50:32 -4:00 GMT,10.10.2.112:80,xxx.xx.96.7:59112,TCP (flags:S)
FWIN,2002/08/23,18:50:34 -4:00 GMT,10.10.2.104:80,xxx.xx.96.7:44131,TCP (flags:S)
FWIN,2002/08/23,18:50:36 -4:00 GMT,10.10.2.104:80,xxx.xx.96.7:44517,TCP (flags:S)



----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Next message: Netw3 Security Research: "TCP 6129 - Dameware, TCP 17890 IIS.EXE, SVR1984.exe - Team Liquid"
Previous message: Skip Carter: "Re: looking for what? portscan 15000/tcp"
Next in thread: NESTING, DAVID M (SBCSI): "RE: What's going on here?"
Reply: NESTING, DAVID M (SBCSI): "RE: What's going on here?"
Reply: Yonatan Bokovza: "RE: What's going on here?"
Reply: wykkydat_private: "Re: What's going on here?"
Reply: wykkydat_private: "Re: What's going on here?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Mon Aug 26 2002 - 08:35:26 PDT