Hi Guys, Got a lot of traffic destined for TCP/11890 on my network. This has been steadily increasing over the past 48 hours and is starting to bug me a little now. Here's a breakdown... 14416 attempts over the past 48 hours. 3636 on Sep 24. 8844 on Sep 25. 2586 today (1300 Sep 26) 163 different src hosts from 38 different class A's The lightest hosts have sent 2 packets (nothing under 2) and the heaviest host has sent 4614 packets. Source ports on a fairly random increment - so seems OS based - doesn't resemble a packet injection suite at any rate...! 4 attempts from each src port and then it moves on up...! It seems all of these hosts are Win2k / XP hosts and most seem to be DSL/cable subscribers...! Anyone know what this is? Kind Regards, -- Scott Nursten -------------------------- S2S Consultants T: 01444 232 742 F: 01444 232 061 W: http://s2s.ltd.uk E: scottnat_private -------------------------- ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Thu Sep 26 2002 - 21:05:21 PDT