Re: increased attacks on port 2599

From: H C (keydet89at_private)
Date: Sat Nov 23 2002 - 06:05:20 PST

  • Next message: Etaoin Shrdlu: "Re: Proxy server hit... Any ideas?" 

    Joel,

All I see are SYN packets...where are the 'attacks'
you mention?


--- "Esler, Joel -- Sytex Contractor"
<joel.eslerat_private> wrote:
> I have started to notice an increased amount of
> attacks @ port 2599...
> ssh2.  Can anyone confirm this, or has seen a new
> exploit out for this port?
> 
> FWIN,2002/11/21,02:04:36 -5:00
> GMT,138.23.59.235:3069,65.80.164.xx:2599,TCP
> (flags:S)
> FWIN,2002/11/21,02:05:26 -5:00
> GMT,66.125.94.236:3169,65.80.164.xx:2599,TCP
> (flags:S)
> FWIN,2002/11/21,02:07:56 -5:00
> GMT,138.23.59.235:3076,65.80.164.xx:2599,TCP
> (flags:S)
> FWIN,2002/11/21,02:10:50 -5:00
> GMT,138.23.59.235:3088,65.80.164.xx:2599,TCP
> (flags:S)
> FWIN,2002/11/21,02:11:30 -5:00
> GMT,138.23.59.235:3092,65.80.164.xx:2599,TCP
> (flags:S)
> FWIN,2002/11/21,02:11:58 -5:00
> GMT,138.23.59.235:3095,65.80.164.xx:2599,TCP
> (flags:S)
> FWIN,2002/11/21,02:13:22 -5:00
> GMT,138.23.59.235:3105,65.80.164.xx:2599,TCP
> (flags:S)
> FWIN,2002/11/21,02:13:52 -5:00
> GMT,138.23.59.235:3108,65.80.164.xx:2599,TCP
> (flags:S)
> FWIN,2002/11/21,02:17:00 -5:00
> GMT,138.23.59.235:3117,65.80.164.xx:2599,TCP
> (flags:S)
> FWIN,2002/11/21,02:17:50 -5:00
> GMT,138.23.59.235:3121,65.80.164.xx:2599,TCP
> (flags:S)
> FWIN,2002/11/21,02:22:02 -5:00
> GMT,138.23.59.235:3133,65.80.164.xx:2599,TCP
> (flags:S)
> FWIN,2002/11/21,02:22:56 -5:00
> GMT,138.23.59.235:3137,65.80.164.xx:2599,TCP
> (flags:S)
> FWIN,2002/11/21,02:27:02 -5:00
> GMT,138.23.59.235:3148,65.80.164.xx:2599,TCP
> (flags:S)
> FWIN,2002/11/21,02:27:56 -5:00
> GMT,138.23.59.235:3152,65.80.164.xx:2599,TCP
> (flags:S)
> FWIN,2002/11/21,02:28:52 -5:00
> GMT,138.23.59.235:3159,65.80.164.xx:2599,TCP
> (flags:S)
> FWIN,2002/11/21,02:29:50 -5:00
> GMT,138.23.59.235:3168,65.80.164.xx:2599,TCP
> (flags:S)
> FWIN,2002/11/21,02:29:58 -5:00
> GMT,138.23.59.235:3171,65.80.164.xx:2599,TCP
> (flags:S)
> FWIN,2002/11/21,02:30:20 -5:00
> GMT,138.23.59.235:3175,65.80.164.xx:2599,TCP
> (flags:S)
> FWIN,2002/11/21,02:31:26 -5:00
> GMT,138.23.59.235:3179,65.80.164.xx:2599,TCP
> (flags:S)
> FWIN,2002/11/21,02:31:52 -5:00
> GMT,152.38.26.111:33651,65.80.164.xx:2599,TCP
> (flags:S)
> FWIN,2002/11/21,02:36:26 -5:00
> GMT,138.23.59.235:3193,65.80.164.xx:2599,TCP
> (flags:S)
> FWIN,2002/11/21,02:40:52 -5:00
> GMT,172.159.203.19:2708,65.80.164.xx:2599,TCP
> (flags:S)
> FWIN,2002/11/21,02:41:28 -5:00
> GMT,138.23.59.235:3214,65.80.164.xx:2599,TCP
> (flags:S)
> FWIN,2002/11/21,02:45:36 -5:00
> GMT,138.23.59.235:3225,65.80.164.xx:2599,TCP
> (flags:S)
> FWIN,2002/11/21,02:46:10 -5:00
> GMT,138.23.59.235:3229,65.80.164.xx:2599,TCP
> (flags:S)
> FWIN,2002/11/21,02:46:40 -5:00
> GMT,138.23.59.235:3235,65.80.164.xx:2599,TCP
> (flags:S)
> FWIN,2002/11/21,02:47:18 -5:00
> GMT,138.23.59.235:3239,65.80.164.xx:2599,TCP
> (flags:S)
> FWIN,2002/11/21,02:50:32 -5:00
> GMT,138.23.59.235:3251,65.80.164.xx:2599,TCP
> (flags:S)
> FWIN,2002/11/21,02:55:34 -5:00
> GMT,138.23.59.235:3264,65.80.164.xx:2599,TCP
> (flags:S)
> FWIN,2002/11/21,02:56:04 -5:00
> GMT,138.23.59.235:3267,65.80.164.xx:2599,TCP
> (flags:S)
> FWIN,2002/11/21,02:56:36 -5:00
> GMT,138.23.59.235:3271,65.80.164.xx:2599,TCP
> (flags:S)
> FWIN,2002/11/21,02:57:24 -5:00
> GMT,138.23.59.235:3275,65.80.164.xx:2599,TCP
> (flags:S)
> FWIN,2002/11/21,03:05:40 -5:00
> GMT,129.71.156.115:44307,65.80.164xx:2599,TCP
> (flags:S)
> FWIN,2002/11/21,03:34:10 -5:00
> GMT,152.38.26.111:41467,65.80.164.xx:2599,TCP
> (flags:S)
> FWIN,2002/11/21,03:51:42 -5:00
> GMT,152.38.26.111:43364,65.80.164.xx:2599,TCP
> (flags:S)
> FWIN,2002/11/21,06:54:36 -5:00
> GMT,172.132.176.78:2102,65.80.164.xx:2599,TCP
> (flags:S)
> FWIN,2002/11/21,08:05:26 -5:00
> GMT,129.71.156.115:36744,65.80.164.xx:2599,TCP
> (flags:S)
> FWIN,2002/11/21,09:00:08 -5:00
> GMT,172.159.203.19:2133,65.80.164.xx:2599,TCP
> (flags:S)
> 
> 
> Any thoughts?
> ---
> Outgoing mail is certified Virus Free.
> Checked by AVG anti-virus system
> (http://www.grisoft.com).
> Version: 6.0.419 / Virus Database: 235 - Release
> Date: 11/13/2002
> 
> 
>
----------------------------------------------------------------------------
> This list is provided by the SecurityFocus ARIS
> analyzer service.
> For more information on this free incident handling,
> management 
> and tracking system please see:
> http://aris.securityfocus.com
> 


__________________________________________________
Do you Yahoo!?
Yahoo! Mail Plus – Powerful. Affordable. Sign up now.
http://mailplus.yahoo.com

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

    This archive was generated by hypermail 2b30 : Mon Nov 25 2002 - 09:12:40 PST