high activity on port 3061 udp/tcp

From: Marcelo Bartsch (mbartschat_private)
Date: Fri Dec 06 2002 - 13:25:49 PST

Next message: Jack Arenberg: "Does W2k issue an NBNS query automatically following each unsuccessful reverse DNS query?"

Previous message: Mike Katz: "Re: A small quandary"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hello
Does anyone has seen an increase of activity on port 3061 tcp and udp?

today i register at least 5000 drops on my firewall just today ,all of
the has the same ip as target.

some part of the logs
Dec  6 18:21:50 fw-int kernel: UDP DROP (global REJECT): IN=eth2
OUT=eth0 SRC=200.30.216.98 DST=XXX.XX.XX.XXX LEN=70 TOS=0x00 PREC=0x00
TTL=122 ID=61524 PROTO=UDP SPT=2189 DPT=3061 LEN=50

SRC Address are multiple ones


-- 
   Marcelo Bartsch
mbartschat_private
  www.netglobalis.net

PGP Fingerprint : 
877E 3A56 F523 B44A 3260  8F83 8916 E158 6100 F721


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Next message: Jack Arenberg: "Does W2k issue an NBNS query automatically following each unsuccessful reverse DNS query?"
Previous message: Mike Katz: "Re: A small quandary"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Sun Dec 08 2002 - 19:37:20 PST