Re: Port 3335

From: Robin Lynn Frank (rlfrank@paradigm-omega.com)
Date: Mon Mar 10 2003 - 18:09:44 PST
Next message: gabriel rosenkoetter: "Re: Real-world attacks on sendmail CA-2003-07 seen"
Previous message: Corey Coblentz: "Re: W2K Compromise - PipeCmdSrv"
In reply to: Harlan Carvey: "Re: Port 3335"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On Monday 10 March 2003 11:29 am, Harlan Carvey wrote:
> Robin,
>
> Did you do any research, or happen to set up a
> listener/proxy to capture any data?
>
> Is this TCP or UDP?  Was it dropped at your f/w?
>
> How many of your systems were targetted?  Any in
> particular, or a wide range of systems?
>
This ocurred at only one of our servers, which being in a remote location, 
only has internet access via dialup without a static IP, so the chance that 
our server was actually targeted appear small.

None of the servers at our other locations showed any traffic on this port.  
Our firewall dropped all of it.

The fact that there appear to be a number of originating IPs has me curious.
# grep -i '3335' /home/omega13/tmp/syslog.1
Mar  4 19:36:01 omega kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC= 
SRC=12.230.43.196 DST=162.42.19.68 LEN=48 TOS=0x00 PREC=0x00 TTL=107 ID=49415 
DF PROTO=TCP SPT=1386 DPT=3335 WINDOW=64240 RES=0x00 SYN URGP=0
Mar  4 19:36:01 omega kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC= 
SRC=12.230.43.196 DST=162.42.19.68 LEN=1341 TOS=0x00 PREC=0x00 TTL=107 
ID=49414 PROTO=UDP SPT=1564 DPT=3335 LEN=1321
Mar  4 19:36:04 omega kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC= 
SRC=12.230.43.196 DST=162.42.19.68 LEN=48 TOS=0x00 PREC=0x00 TTL=107 ID=49432 
DF PROTO=TCP SPT=1386 DPT=3335 WINDOW=64240 RES=0x00 SYN URGP=0
Mar  4 19:36:04 omega kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC= 
SRC=12.230.43.196 DST=162.42.19.68 LEN=1341 TOS=0x00 PREC=0x00 TTL=107 
ID=49433 PROTO=UDP SPT=1564 DPT=3335 LEN=1321
Mar  4 19:36:07 omega kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC= 
SRC=12.230.43.196 DST=162.42.19.68 LEN=1341 TOS=0x00 PREC=0x00 TTL=107 
ID=49436 PROTO=UDP SPT=1564 DPT=3335 LEN=1321
Mar  4 19:36:11 omega kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC= 
SRC=12.230.43.196 DST=162.42.19.68 LEN=48 TOS=0x00 PREC=0x00 TTL=107 ID=49439 
DF PROTO=TCP SPT=1386 DPT=3335 WINDOW=64240 RES=0x00 SYN URGP=0
Mar  4 19:37:07 omega kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC= 
SRC=66.82.112.1 DST=162.42.19.68 LEN=52 TOS=0x00 PREC=0x00 TTL=45 ID=58252 
PROTO=TCP SPT=63977 DPT=3335 WINDOW=3392 RES=0x00 SYN URGP=0
Mar  4 19:37:11 omega kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC= 
SRC=66.82.112.1 DST=162.42.19.68 LEN=52 TOS=0x00 PREC=0x00 TTL=45 ID=2189 
PROTO=TCP SPT=63977 DPT=3335 WINDOW=3392 RES=0x00 SYN URGP=0
Mar  4 19:37:16 omega kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC= 
SRC=66.82.112.1 DST=162.42.19.68 LEN=52 TOS=0x00 PREC=0x00 TTL=45 ID=11405 
PROTO=TCP SPT=63977 DPT=3335 WINDOW=3392 RES=0x00 SYN URGP=0
Mar  4 19:37:29 omega kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC= 
SRC=66.82.112.1 DST=162.42.19.68 LEN=52 TOS=0x00 PREC=0x00 TTL=45 ID=29069 
PROTO=TCP SPT=63977 DPT=3335 WINDOW=3392 RES=0x00 SYN URGP=0
Mar  4 19:40:28 omega kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC= 
SRC=66.82.112.1 DST=162.42.19.68 LEN=52 TOS=0x00 PREC=0x00 TTL=45 ID=21650 
PROTO=TCP SPT=14903 DPT=3335 WINDOW=3392 RES=0x00 SYN URGP=0
Mar  4 19:40:30 omega kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC= 
SRC=66.82.112.1 DST=162.42.19.68 LEN=52 TOS=0x00 PREC=0x00 TTL=45 ID=22930 
PROTO=TCP SPT=14903 DPT=3335 WINDOW=3392 RES=0x00 SYN URGP=0
Mar  4 19:40:36 omega kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC= 
SRC=213.189.87.69 DST=162.42.19.68 LEN=48 TOS=0x00 PREC=0x00 TTL=110 ID=51321 
DF PROTO=TCP SPT=4400 DPT=3335 WINDOW=16384 RES=0x00 SYN URGP=0
Mar  4 19:40:37 omega kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC= 
SRC=66.82.112.1 DST=162.42.19.68 LEN=52 TOS=0x00 PREC=0x00 TTL=45 ID=32146 
PROTO=TCP SPT=14903 DPT=3335 WINDOW=3392 RES=0x00 SYN URGP=0
Mar  4 19:40:38 omega kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC= 
SRC=213.189.87.69 DST=162.42.19.68 LEN=48 TOS=0x00 PREC=0x00 TTL=110 ID=51417 
DF PROTO=TCP SPT=4400 DPT=3335 WINDOW=16384 RES=0x00 SYN URGP=18149
Mar  4 19:40:45 omega kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC= 
SRC=213.189.87.69 DST=162.42.19.68 LEN=48 TOS=0x00 PREC=0x00 TTL=110 ID=51596 
DF PROTO=TCP SPT=4400 DPT=3335 WINDOW=16384 RES=0x00 SYN URGP=0
Mar  4 19:40:48 omega kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC= 
SRC=66.82.112.1 DST=162.42.19.68 LEN=52 TOS=0x00 PREC=0x00 TTL=45 ID=56978 
PROTO=TCP SPT=14903 DPT=3335 WINDOW=3392 RES=0x00 SYN URGP=0
Mar  4 19:44:09 omega kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC= 
SRC=213.189.87.69 DST=162.42.19.68 LEN=48 TOS=0x00 PREC=0x00 TTL=110 ID=56674 
DF PROTO=TCP SPT=4492 DPT=3335 WINDOW=16384 RES=0x00 SYN URGP=35637
Mar  4 19:44:12 omega kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC= 
SRC=213.189.87.69 DST=162.42.19.68 LEN=48 TOS=0x00 PREC=0x00 TTL=110 ID=56748 
DF PROTO=TCP SPT=4492 DPT=3335 WINDOW=16384 RES=0x00 SYN URGP=54478
Mar  4 19:51:02 omega kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC= 
SRC=172.145.72.85 DST=162.42.19.68 LEN=1341 TOS=0x00 PREC=0x00 TTL=111 
ID=60682 PROTO=UDP SPT=3195 DPT=3335 LEN=1321
Mar  4 19:51:02 omega kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC= 
SRC=172.145.72.85 DST=162.42.19.68 LEN=48 TOS=0x00 PREC=0x00 TTL=111 ID=60683 
DF PROTO=TCP SPT=2737 DPT=3335 WINDOW=16384 RES=0x00 SYN URGP=0
Mar  4 19:51:05 omega kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC= 
SRC=172.145.72.85 DST=162.42.19.68 LEN=48 TOS=0x00 PREC=0x00 TTL=111 ID=60685 
DF PROTO=TCP SPT=2737 DPT=3335 WINDOW=16384 RES=0x00 SYN URGP=0
Mar  4 19:51:06 omega kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC= 
SRC=172.145.72.85 DST=162.42.19.68 LEN=1341 TOS=0x00 PREC=0x00 TTL=111 
ID=60686 PROTO=UDP SPT=3195 DPT=3335 LEN=1321
Mar  4 19:51:09 omega kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC= 
SRC=172.145.72.85 DST=162.42.19.68 LEN=1341 TOS=0x00 PREC=0x00 TTL=111 
ID=60687 PROTO=UDP SPT=3195 DPT=3335 LEN=1321
Mar  4 19:51:11 omega kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC= 
SRC=172.145.72.85 DST=162.42.19.68 LEN=48 TOS=0x00 PREC=0x00 TTL=111 ID=60698 
DF PROTO=TCP SPT=2737 DPT=3335 WINDOW=16384 RES=0x00 SYN URGP=0
Mar  4 19:55:48 omega kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC= 
SRC=12.216.199.9 DST=162.42.19.68 LEN=48 TOS=0x00 PREC=0x00 TTL=108 ID=274 DF 
PROTO=TCP SPT=3571 DPT=3335 WINDOW=64240 RES=0x00 SYN URGP=0
Mar  4 19:55:50 omega kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC= 
SRC=12.216.199.9 DST=162.42.19.68 LEN=48 TOS=0x00 PREC=0x00 TTL=108 ID=308 DF 
PROTO=TCP SPT=3571 DPT=3335 WINDOW=64240 RES=0x00 SYN URGP=0
Mar  4 19:55:57 omega kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC= 
SRC=12.216.199.9 DST=162.42.19.68 LEN=48 TOS=0x00 PREC=0x00 TTL=108 ID=426 DF 
PROTO=TCP SPT=3571 DPT=3335 WINDOW=64240 RES=0x00 SYN URGP=0
Mar  4 19:57:28 omega kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC= 
SRC=199.44.175.42 DST=162.42.19.68 LEN=48 TOS=0x00 PREC=0x00 TTL=103 ID=27048 
DF PROTO=TCP SPT=64582 DPT=3335 WINDOW=64240 RES=0x00 SYN URGP=0
Mar  4 20:03:31 omega kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC= 
SRC=12.226.32.53 DST=162.42.19.68 LEN=48 TOS=0x00 PREC=0x00 TTL=108 ID=21135 
DF PROTO=TCP SPT=3466 DPT=3335 WINDOW=16384 RES=0x00 SYN URGP=0
Mar  4 20:03:34 omega kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC= 
SRC=12.226.32.53 DST=162.42.19.68 LEN=48 TOS=0x00 PREC=0x00 TTL=108 ID=21145 
DF PROTO=TCP SPT=3466 DPT=3335 WINDOW=16384 RES=0x00 SYN URGP=0
Mar  4 20:03:40 omega kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC= 
SRC=12.226.32.53 DST=162.42.19.68 LEN=48 TOS=0x00 PREC=0x00 TTL=108 ID=21154 
DF PROTO=TCP SPT=3466 DPT=3335 WINDOW=16384 RES=0x00 SYN URGP=0
Mar  4 20:03:51 omega kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC= 
SRC=170.215.15.177 DST=162.42.19.68 LEN=48 TOS=0x00 PREC=0x00 TTL=113 
ID=44550 DF PROTO=TCP SPT=61283 DPT=3335 WINDOW=64240 RES=0x00 SYN URGP=0
Mar  4 20:03:54 omega kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC= 
SRC=170.215.15.177 DST=162.42.19.68 LEN=48 TOS=0x00 PREC=0x00 TTL=113 
ID=44587 DF PROTO=TCP SPT=61283 DPT=3335 WINDOW=64240 RES=0x00 SYN URGP=0
Mar  4 20:04:00 omega kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC= 
SRC=170.215.15.177 DST=162.42.19.68 LEN=48 TOS=0x00 PREC=0x00 TTL=113 
ID=44689 DF PROTO=TCP SPT=61283 DPT=3335 WINDOW=64240 RES=0x00 SYN URGP=0
Mar  4 20:05:34 omega kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC= 
SRC=12.212.16.64 DST=162.42.19.68 LEN=48 TOS=0x00 PREC=0x00 TTL=107 ID=65271 
DF PROTO=TCP SPT=4649 DPT=3335 WINDOW=64240 RES=0x00 SYN URGP=0
Mar  4 20:05:34 omega kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC= 
SRC=12.230.63.77 DST=162.42.19.68 LEN=48 TOS=0x00 PREC=0x00 TTL=106 ID=47821 
DF PROTO=TCP SPT=3042 DPT=3335 WINDOW=64240 RES=0x00 SYN URGP=0
Mar  4 20:05:37 omega kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC= 
SRC=12.212.16.64 DST=162.42.19.68 LEN=48 TOS=0x00 PREC=0x00 TTL=108 ID=65274 
DF PROTO=TCP SPT=4649 DPT=3335 WINDOW=64240 RES=0x00 SYN URGP=0
Mar  4 20:05:38 omega kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC= 
SRC=12.230.63.77 DST=162.42.19.68 LEN=48 TOS=0x00 PREC=0x00 TTL=106 ID=47943 
DF PROTO=TCP SPT=3042 DPT=3335 WINDOW=64240 RES=0x00 SYN URGP=0
Mar  4 20:05:43 omega kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC= 
SRC=12.212.16.64 DST=162.42.19.68 LEN=48 TOS=0x00 PREC=0x00 TTL=108 ID=65278 
DF PROTO=TCP SPT=4649 DPT=3335 WINDOW=64240 RES=0x00 SYN URGP=0
Mar  4 20:05:43 omega kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC= 
SRC=12.230.63.77 DST=162.42.19.68 LEN=48 TOS=0x00 PREC=0x00 TTL=106 ID=48090 
DF PROTO=TCP SPT=3042 DPT=3335 WINDOW=64240 RES=0x00 SYN URGP=0
Mar  4 20:05:56 omega kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC= 
SRC=66.161.179.70 DST=162.42.19.68 LEN=48 TOS=0x00 PREC=0x00 TTL=110 ID=13979 
DF PROTO=TCP SPT=3938 DPT=3335 WINDOW=64240 RES=0x00 SYN URGP=0
Mar  4 20:05:59 omega kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC= 
SRC=66.161.179.70 DST=162.42.19.68 LEN=48 TOS=0x00 PREC=0x00 TTL=110 ID=13982 
DF PROTO=TCP SPT=3938 DPT=3335 WINDOW=64240 RES=0x00 SYN URGP=0
Mar  4 20:06:04 omega kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC= 
SRC=80.62.253.203 DST=162.42.19.68 LEN=48 TOS=0x00 PREC=0x00 TTL=111 ID=17922 
DF PROTO=TCP SPT=1106 DPT=3335 WINDOW=8192 RES=0x00 SYN URGP=0
Mar  4 20:06:05 omega kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC= 
SRC=66.161.179.70 DST=162.42.19.68 LEN=48 TOS=0x00 PREC=0x00 TTL=110 ID=13993 
DF PROTO=TCP SPT=3938 DPT=3335 WINDOW=64240 RES=0x00 SYN URGP=0
Mar  4 20:06:07 omega kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC= 
SRC=80.62.253.203 DST=162.42.19.68 LEN=48 TOS=0x00 PREC=0x00 TTL=111 ID=18946 
DF PROTO=TCP SPT=1106 DPT=3335 WINDOW=8192 RES=0x00 SYN URGP=0
Mar  4 20:06:07 omega kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC= 
SRC=80.62.253.203 DST=162.42.19.68 LEN=1341 TOS=0x00 PREC=0x00 TTL=111 
ID=19202 PROTO=UDP SPT=3224 DPT=3335 LEN=1321
Mar  4 20:06:10 omega kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC= 
SRC=80.62.253.203 DST=162.42.19.68 LEN=1341 TOS=0x00 PREC=0x00 TTL=111 
ID=45570 PROTO=UDP SPT=3224 DPT=3335 LEN=1321
Mar  4 20:06:13 omega kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC= 
SRC=80.62.253.203 DST=162.42.19.68 LEN=48 TOS=0x00 PREC=0x00 TTL=111 ID=61186 
DF PROTO=TCP SPT=1106 DPT=3335 WINDOW=8192 RES=0x00 SYN URGP=0
Mar  4 20:06:25 omega kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC= 
SRC=80.62.253.203 DST=162.42.19.68 LEN=48 TOS=0x00 PREC=0x00 TTL=111 ID=30467 
DF PROTO=TCP SPT=1106 DPT=3335 WINDOW=8192 RES=0x00 SYN URGP=0
Mar  4 20:06:41 omega kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC= 
SRC=12.226.32.53 DST=162.42.19.68 LEN=48 TOS=0x00 PREC=0x00 TTL=108 ID=23122 
DF PROTO=TCP SPT=3481 DPT=3335 WINDOW=16384 RES=0x00 SYN URGP=23721
Mar  4 20:06:43 omega kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC= 
SRC=12.226.32.53 DST=162.42.19.68 LEN=48 TOS=0x00 PREC=0x00 TTL=108 ID=23192 
DF PROTO=TCP SPT=3481 DPT=3335 WINDOW=16384 RES=0x00 SYN URGP=12468
Mar  4 20:06:49 omega kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC= 
SRC=12.226.32.53 DST=162.42.19.68 LEN=48 TOS=0x00 PREC=0x00 TTL=108 ID=23202 
DF PROTO=TCP SPT=3481 DPT=3335 WINDOW=16384 RES=0x00 SYN URGP=12468
Mar  4 20:07:00 omega kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC= 
SRC=24.217.56.145 DST=162.42.19.68 LEN=48 TOS=0x00 PREC=0x00 TTL=106 ID=42443 
DF PROTO=TCP SPT=3082 DPT=3335 WINDOW=16384 RES=0x00 SYN URGP=0
Mar  4 20:07:03 omega kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC= 
SRC=24.217.56.145 DST=162.42.19.68 LEN=48 TOS=0x00 PREC=0x00 TTL=106 ID=42450 
DF PROTO=TCP SPT=3082 DPT=3335 WINDOW=16384 RES=0x00 SYN URGP=0
Mar  4 20:07:09 omega kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC= 
SRC=24.217.56.145 DST=162.42.19.68 LEN=48 TOS=0x00 PREC=0x00 TTL=106 ID=42454 
DF PROTO=TCP SPT=3082 DPT=3335 WINDOW=16384 RES=0x00 SYN URGP=0
Mar  4 20:07:25 omega kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC= 
SRC=12.252.200.144 DST=162.42.19.68 LEN=48 TOS=0x00 PREC=0x00 TTL=104 
ID=31042 DF PROTO=TCP SPT=2097 DPT=3335 WINDOW=16384 RES=0x00 SYN URGP=0
Mar  4 20:07:34 omega kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC= 
SRC=12.252.200.144 DST=162.42.19.68 LEN=48 TOS=0x00 PREC=0x00 TTL=104 
ID=31045 DF PROTO=TCP SPT=2097 DPT=3335 WINDOW=16384 RES=0x00 SYN URGP=0
Mar  4 20:07:49 omega kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC= 
SRC=128.211.144.175 DST=162.42.19.68 LEN=48 TOS=0x00 PREC=0x00 TTL=109 
ID=64850 DF PROTO=TCP SPT=3560 DPT=3335 WINDOW=16384 RES=0x00 SYN URGP=0
Mar  4 20:07:53 omega kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC= 
SRC=128.211.144.175 DST=162.42.19.68 LEN=48 TOS=0x00 PREC=0x00 TTL=109 
ID=64852 DF PROTO=TCP SPT=3560 DPT=3335 WINDOW=16384 RES=0x00 SYN URGP=0
Mar  4 20:07:59 omega kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC= 
SRC=128.211.144.175 DST=162.42.19.68 LEN=48 TOS=0x00 PREC=0x00 TTL=109 
ID=64854 DF PROTO=TCP SPT=3560 DPT=3335 WINDOW=16384 RES=0x00 SYN URGP=0
Mar  4 20:08:11 omega kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC= 
SRC=216.93.198.54 DST=162.42.19.68 LEN=48 TOS=0x00 PREC=0x00 TTL=111 ID=60923 
DF PROTO=TCP SPT=22990 DPT=3335 WINDOW=16384 RES=0x00 SYN URGP=0
Mar  4 20:08:14 omega kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC= 
SRC=216.93.198.54 DST=162.42.19.68 LEN=48 TOS=0x00 PREC=0x00 TTL=111 ID=60925 
DF PROTO=TCP SPT=22990 DPT=3335 WINDOW=16384 RES=0x00 SYN URGP=0
Mar  4 20:08:20 omega kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC= 
SRC=216.93.198.54 DST=162.42.19.68 LEN=48 TOS=0x00 PREC=0x00 TTL=111 ID=60926 
DF PROTO=TCP SPT=22990 DPT=3335 WINDOW=16384 RES=0x00 SYN URGP=0
Mar  4 20:08:51 omega kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC= 
SRC=170.215.15.177 DST=162.42.19.68 LEN=48 TOS=0x00 PREC=0x00 TTL=113 
ID=47864 DF PROTO=TCP SPT=61309 DPT=3335 WINDOW=64240 RES=0x00 SYN URGP=0
Mar  4 20:08:54 omega kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC= 
SRC=170.215.15.177 DST=162.42.19.68 LEN=48 TOS=0x00 PREC=0x00 TTL=113 
ID=47868 DF PROTO=TCP SPT=61309 DPT=3335 WINDOW=64240 RES=0x00 SYN URGP=0
Mar  4 20:09:00 omega kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC= 
SRC=170.215.15.177 DST=162.42.19.68 LEN=48 TOS=0x00 PREC=0x00 TTL=113 
ID=47876 DF PROTO=TCP SPT=61309 DPT=3335 WINDOW=64240 RES=0x00 SYN URGP=0
Mar  4 20:12:29 omega kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC= 
SRC=66.82.112.1 DST=162.42.19.68 LEN=52 TOS=0x00 PREC=0x00 TTL=48 ID=13731 
PROTO=TCP SPT=42182 DPT=3335 WINDOW=3392 RES=0x00 SYN URGP=0
Mar  4 20:12:32 omega kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC= 
SRC=66.82.112.1 DST=162.42.19.68 LEN=52 TOS=0x00 PREC=0x00 TTL=48 ID=14499 
PROTO=TCP SPT=42182 DPT=3335 WINDOW=3392 RES=0x00 SYN URGP=0
Mar  4 20:12:38 omega kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC= 
SRC=66.82.112.1 DST=162.42.19.68 LEN=52 TOS=0x00 PREC=0x00 TTL=48 ID=17059 
PROTO=TCP SPT=42182 DPT=3335 WINDOW=3392 RES=0x00 SYN URGP=0
Mar  4 20:12:47 omega kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC= 
SRC=66.82.112.1 DST=162.42.19.68 LEN=52 TOS=0x00 PREC=0x00 TTL=48 ID=20643 
PROTO=TCP SPT=43635 DPT=3335 WINDOW=3392 RES=0x00 SYN URGP=0
Mar  4 20:12:49 omega kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC= 
SRC=66.82.112.1 DST=162.42.19.68 LEN=52 TOS=0x00 PREC=0x00 TTL=48 ID=21667 
PROTO=TCP SPT=42182 DPT=3335 WINDOW=3392 RES=0x00 SYN URGP=0
Mar  4 20:12:50 omega kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC= 
SRC=66.82.112.1 DST=162.42.19.68 LEN=52 TOS=0x00 PREC=0x00 TTL=48 ID=21923 
PROTO=TCP SPT=43635 DPT=3335 WINDOW=3392 RES=0x00 SYN URGP=0
Mar  4 20:12:57 omega kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC= 
SRC=66.82.112.1 DST=162.42.19.68 LEN=52 TOS=0x00 PREC=0x00 TTL=48 ID=22691 
PROTO=TCP SPT=43635 DPT=3335 WINDOW=3392 RES=0x00 SYN URGP=0
Mar  4 20:13:08 omega kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC= 
SRC=66.82.112.1 DST=162.42.19.68 LEN=52 TOS=0x00 PREC=0x00 TTL=48 ID=27043 
PROTO=TCP SPT=43635 DPT=3335 WINDOW=3392 RES=0x00 SYN URGP=0
Mar  4 20:13:28 omega kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC= 
SRC=66.82.112.1 DST=162.42.19.68 LEN=52 TOS=0x00 PREC=0x00 TTL=48 ID=34211 
PROTO=TCP SPT=46639 DPT=3335 WINDOW=3392 RES=0x00 SYN URGP=0
Mar  4 20:13:31 omega kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC= 
SRC=66.82.112.1 DST=162.42.19.68 LEN=52 TOS=0x00 PREC=0x00 TTL=48 ID=35747 
PROTO=TCP SPT=46639 DPT=3335 WINDOW=3392 RES=0x00 SYN URGP=0
Mar  4 20:13:37 omega kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC= 
SRC=66.82.112.1 DST=162.42.19.68 LEN=52 TOS=0x00 PREC=0x00 TTL=48 ID=39075 
PROTO=TCP SPT=46639 DPT=3335 WINDOW=3392 RES=0x00 SYN URGP=0
Mar  4 20:13:48 omega kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC= 
SRC=66.82.112.1 DST=162.42.19.68 LEN=52 TOS=0x00 PREC=0x00 TTL=48 ID=44963 
PROTO=TCP SPT=46639 DPT=3335 WINDOW=3392 RES=0x00 SYN URGP=0
Mar  4 20:14:27 omega kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC= 
SRC=66.82.112.1 DST=162.42.19.68 LEN=52 TOS=0x00 PREC=0x00 TTL=48 ID=6820 
PROTO=TCP SPT=51156 DPT=3335 WINDOW=3392 RES=0x00 SYN URGP=0
Mar  4 20:14:32 omega kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC= 
SRC=66.82.112.1 DST=162.42.19.68 LEN=52 TOS=0x00 PREC=0x00 TTL=48 ID=12196 
PROTO=TCP SPT=51156 DPT=3335 WINDOW=3392 RES=0x00 SYN URGP=0
Mar  4 20:14:44 omega kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC= 
SRC=66.82.112.1 DST=162.42.19.68 LEN=52 TOS=0x00 PREC=0x00 TTL=48 ID=18084 
PROTO=TCP SPT=51156 DPT=3335 WINDOW=3392 RES=0x00 SYN URGP=0
Mar  4 20:21:08 omega kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC= 
SRC=163.179.182.128 DST=162.42.19.68 LEN=48 TOS=0x00 PREC=0x00 TTL=109 
ID=26413 DF PROTO=TCP SPT=1882 DPT=3335 WINDOW=8760 RES=0x00 SYN URGP=0
Mar  4 20:21:11 omega kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC= 
SRC=163.179.182.128 DST=162.42.19.68 LEN=48 TOS=0x00 PREC=0x00 TTL=109 
ID=26429 DF PROTO=TCP SPT=1882 DPT=3335 WINDOW=8760 RES=0x00 SYN URGP=0
Mar  4 20:21:12 omega kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC= 
SRC=163.179.182.128 DST=162.42.19.68 LEN=1341 TOS=0x00 PREC=0x00 TTL=109 
ID=26431 PROTO=UDP SPT=3024 DPT=3335 LEN=1321
Mar  4 20:21:15 omega kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC= 
SRC=163.179.182.128 DST=162.42.19.68 LEN=1341 TOS=0x00 PREC=0x00 TTL=109 
ID=26448 PROTO=UDP SPT=3024 DPT=3335 LEN=1321
Mar  4 20:21:17 omega kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC= 
SRC=163.179.182.128 DST=162.42.19.68 LEN=48 TOS=0x00 PREC=0x00 TTL=109 
ID=26466 DF PROTO=TCP SPT=1882 DPT=3335 WINDOW=8760 RES=0x00 SYN URGP=0
Mar  4 20:26:13 omega kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC= 
SRC=66.82.112.1 DST=162.42.19.68 LEN=52 TOS=0x00 PREC=0x00 TTL=48 ID=28843 
PROTO=TCP SPT=40909 DPT=3335 WINDOW=3392 RES=0x00 SYN URGP=0
Mar  4 20:26:16 omega kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC= 
SRC=66.82.112.1 DST=162.42.19.68 LEN=52 TOS=0x00 PREC=0x00 TTL=48 ID=31147 
PROTO=TCP SPT=40909 DPT=3335 WINDOW=3392 RES=0x00 SYN URGP=0
Mar  4 20:26:22 omega kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC= 
SRC=66.82.112.1 DST=162.42.19.68 LEN=52 TOS=0x00 PREC=0x00 TTL=48 ID=33963 
PROTO=TCP SPT=40909 DPT=3335 WINDOW=3392 RES=0x00 SYN URGP=0
Mar  4 20:26:34 omega kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC= 
SRC=66.82.112.1 DST=162.42.19.68 LEN=52 TOS=0x00 PREC=0x00 TTL=48 ID=41643 
PROTO=TCP SPT=40909 DPT=3335 WINDOW=3392 RES=0x00 SYN URGP=0
Mar  4 20:27:27 omega kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC= 
SRC=66.82.112.1 DST=162.42.19.68 LEN=52 TOS=0x00 PREC=0x00 TTL=48 ID=19372 
PROTO=TCP SPT=46462 DPT=3335 WINDOW=3392 RES=0x00 SYN URGP=0
Mar  4 20:27:30 omega kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC= 
SRC=66.82.112.1 DST=162.42.19.68 LEN=52 TOS=0x00 PREC=0x00 TTL=48 ID=20652 
PROTO=TCP SPT=46462 DPT=3335 WINDOW=3392 RES=0x00 SYN URGP=0
Mar  4 20:27:45 omega kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC= 
SRC=66.82.112.1 DST=162.42.19.68 LEN=52 TOS=0x00 PREC=0x00 TTL=48 ID=28076 
PROTO=TCP SPT=47757 DPT=3335 WINDOW=3392 RES=0x00 SYN URGP=0
Mar  4 20:27:48 omega kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC= 
SRC=66.82.112.1 DST=162.42.19.68 LEN=52 TOS=0x00 PREC=0x00 TTL=48 ID=28844 
PROTO=TCP SPT=47757 DPT=3335 WINDOW=3392 RES=0x00 SYN URGP=0
Mar  4 20:27:48 omega kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC= 
SRC=66.82.112.1 DST=162.42.19.68 LEN=52 TOS=0x00 PREC=0x00 TTL=48 ID=28588 
PROTO=TCP SPT=46462 DPT=3335 WINDOW=3392 RES=0x00 SYN URGP=0
Mar  4 20:27:54 omega kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC= 
SRC=66.82.112.1 DST=162.42.19.68 LEN=52 TOS=0x00 PREC=0x00 TTL=48 ID=31148 
PROTO=TCP SPT=47757 DPT=3335 WINDOW=3392 RES=0x00 SYN URGP=0
Mar  4 20:28:06 omega kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC= 
SRC=66.82.112.1 DST=162.42.19.68 LEN=52 TOS=0x00 PREC=0x00 TTL=48 ID=34220 
PROTO=TCP SPT=47757 DPT=3335 WINDOW=3392 RES=0x00 SYN URGP=0
Mar  4 20:29:07 omega kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC= 
SRC=66.82.112.1 DST=162.42.19.68 LEN=52 TOS=0x00 PREC=0x00 TTL=48 ID=65452 
PROTO=TCP SPT=54577 DPT=3335 WINDOW=3392 RES=0x00 SYN URGP=0
Mar  4 20:29:25 omega kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC= 
SRC=66.82.112.1 DST=162.42.19.68 LEN=52 TOS=0x00 PREC=0x00 TTL=48 ID=2989 
PROTO=TCP SPT=54577 DPT=3335 WINDOW=3392 RES=0x00 SYN URGP=0

-- 
Sed quis custodiet ipsos custodes?
==========================================================================
Robin Lynn Frank - Director of Operations - Paradigm-Omega, LLC
Copyright and PGP/GPG info in mail or message headers.
Email acceptance policy at http://paradigm-omega.com/email_policy.html
==========================================================================

----------------------------------------------------------------------------

<Pre>Lose another weekend managing your IDS?
Take back your personal time.
15-day free trial of StillSecure Border Guard.</Pre>
<A href="http://www.securityfocus.com/stillsecure"> http://www.securityfocus.com/stillsecure </A>
Next message: gabriel rosenkoetter: "Re: Real-world attacks on sendmail CA-2003-07 seen"
Previous message: Corey Coblentz: "Re: W2K Compromise - PipeCmdSrv"
In reply to: Harlan Carvey: "Re: Port 3335"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
This archive was generated by hypermail 2b30 : Tue Mar 11 2003 - 08:37:29 PST