Scans for 17300/tcp starting again

From: jchaserat_private
Date: Wed Jul 30 2003 - 17:13:31 PDT

Next message: Stuart: "RE: Exploit for Windows RPC may be in the wild!"

Previous message: Jordan Wiens: "Re: Command Line RPC vulnerability scanner?"
Next in thread: Joe Matusiewicz: "Re: Scans for 17300/tcp starting again"
Reply: Joe Matusiewicz: "Re: Scans for 17300/tcp starting again"
Reply: DeGennaro, Gregory: "RE: Scans for 17300/tcp starting again"
Reply: Esler, Joel Contractor: "RE: Scans for 17300/tcp starting again"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

('binary' encoding is not supported, stored as-is) Jul 27 05:14:46 IN=eth0 SRC=67.115.163.162 DST=129.X.Y.Z LEN=48 TOS=0x00 PREC=0x00 TTL=119 ID=35431 DF PROTO=TCP SPT=2652 DPT=17300 WINDOW=8160 RES=0x00 SYN URGP=0 OPT (0204055001010402) Jul 27 10:51:19 IN=eth0 SRC=217.88.161.245 DST=129.X.Y.Z LEN=52 TOS=0x00 PREC=0x00 TTL=116 ID=56655 DF PROTO=TCP SPT=4181 DPT=17300 WINDOW=32767 RES=0x00 SYN URGP=0 OPT (020405AC0103030001010402) Jul 27 11:04:50 IN=eth0 SRC=217.88.161.245 DST=129.X.Y.Z LEN=52 TOS=0x00 PREC=0x00 TTL=116 ID=65214 DF PROTO=TCP SPT=1500 DPT=17300 WINDOW=32767 RES=0x00 SYN URGP=0 Jul 27 13:35:33 IN=eth0 SRC=172.178.137.182 DST=129.X.Y.Z LEN=48 TOS=0x00 PREC=0x00 TTL=114 ID=2788 DF PROTO=TCP SPT=2990 DPT=17300 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (0204055001010402) Jul 27 13:49:54 IN=eth0 SRC=172.178.137.182 DST=129.X.Y.Z LEN=48 TOS=0x00 PREC=0x00 TTL=114 ID=14232 DF PROTO=TCP SPT=1628 DPT=17300 WINDOW=65535 RES=0x00 SYN URGP=0 Jul 27 14:42:19 IN=eth0 SRC=69.14.236.37 DST=129.X.Y.Z LEN=48 TOS=0x00 PREC=0x00 TTL=115 ID=61016 DF PROTO=TCP SPT=4107 DPT=17300 WINDOW=16384 RES=0x00 SYN URGP=0 OPT (020405B401010402) Jul 27 14:48:15 IN=eth0 SRC=80.142.223.209 DST=129.X.Y.Z LEN=52 TOS=0x00 PREC=0x00 TTL=116 ID=14373 DF PROTO=TCP SPT=4490 DPT=17300 WINDOW=32767 RES=0x00 SYN URGP=0 OPT (020405AC0103030001010402) Jul 27 14:57:11 IN=eth0 SRC=69.14.236.37 DST=129.X.Y.Z LEN=48 TOS=0x00 PREC=0x00 TTL=115 ID=41548 DF PROTO=TCP SPT=2197 DPT=17300 WINDOW=16384 RES=0x00 SYN URGP=0 Jul 27 15:02:19 IN=eth0 SRC=80.142.223.209 DST=129.X.Y.Z LEN=52 TOS=0x00 PREC=0x00 TTL=116 ID=21858 DF PROTO=TCP SPT=4494 DPT=17300 WINDOW=32767 RES=0x00 SYN URGP=0 Jul 28 09:11:07 IN=eth0 SRC=80.167.199.116 DST=129.X.Y.Z LEN=48 TOS=0x00 PREC=0x00 TTL=110 ID=30980 DF PROTO=TCP SPT=4402 DPT=17300 WINDOW=16384 RES=0x00 SYN URGP=0 OPT (020405B401010402) Jul 28 09:24:36 IN=eth0 SRC=80.167.199.116 DST=129.X.Y.Z LEN=48 TOS=0x00 PREC=0x00 TTL=110 ID=29558 DF PROTO=TCP SPT=1499 DPT=17300 WINDOW=16384 RES=0x00 SYN URGP=0 Jul 29 07:11:41 IN=eth0 SRC=199.174.135.48 DST=129.X.Y.Z LEN=48 TOS=0x00 PREC=0x00 TTL=114 ID=32659 DF PROTO=TCP SPT=3940 DPT=17300 WINDOW=8760 RES=0x00 SYN URGP=0 OPT (020405B401010402) Jul 29 07:25:24 IN=eth0 SRC=199.174.135.48 DST=129.X.Y.Z LEN=48 TOS=0x00 PREC=0x00 TTL=114 ID=31495 DF PROTO=TCP SPT=2074 DPT=17300 WINDOW=8760 RES=0x00 SYN URGP=0 Jul 29 09:32:41 IN=eth0 SRC=66.183.255.129 DST=129.X.Y.Z LEN=48 TOS=0x00 PREC=0x00 TTL=111 ID=53709 DF PROTO=TCP SPT=2394 DPT=17300 WINDOW=64240 RES=0x00 SYN URGP=0 OPT (020405B401010402) Jul 29 09:48:18 IN=eth0 SRC=66.183.255.129 DST=129.X.Y.Z LEN=48 TOS=0x00 PREC=0x00 TTL=111 ID=4827 DF PROTO=TCP SPT=3240 DPT=17300 WINDOW=64240 RES=0x00 SYN URGP=21484 Jul 29 12:56:44 IN=eth0 SRC=68.80.26.104 DST=129.X.Y.Z LEN=48 TOS=0x00 PREC=0x00 TTL=113 ID=10313 DF PROTO=TCP SPT=2005 DPT=17300 WINDOW=64240 RES=0x00 SYN URGP=0 OPT (020405B401010402) Jul 29 13:10:35 IN=eth0 SRC=68.80.26.104 DST=129.X.Y.Z LEN=48 TOS=0x00 PREC=0x00 TTL=113 ID=7714 DF PROTO=TCP SPT=2682 DPT=17300 WINDOW=64240 RES=0x00 SYN URGP=0 Jul 29 15:06:05 IN=eth0 SRC=80.83.57.213 DST=129.X.Y.Z LEN=48 TOS=0x00 PREC=0x00 TTL=113 ID=4233 DF PROTO=TCP SPT=4583 DPT=17300 WINDOW=16384 RES=0x00 SYN URGP=0 OPT (020405B401010402) Jul 29 15:20:14 IN=eth0 SRC=80.83.57.213 DST=129.X.Y.Z LEN=48 TOS=0x00 PREC=0x00 TTL=113 ID=20004 DF PROTO=TCP SPT=4088 DPT=17300 WINDOW=16384 RES=0x00 SYN URGP=0 Jul 29 20:59:36 IN=eth0 SRC=24.103.56.108 DST=129.X.Y.Z LEN=48 TOS=0x00 PREC=0x00 TTL=109 ID=9492 DF PROTO=TCP SPT=4404 DPT=17300 WINDOW=16384 RES=0x00 SYN URGP=0 --------------------------------------------------------------------------- ----------------------------------------------------------------------------

Next message: Stuart: "RE: Exploit for Windows RPC may be in the wild!"
Previous message: Jordan Wiens: "Re: Command Line RPC vulnerability scanner?"
Next in thread: Joe Matusiewicz: "Re: Scans for 17300/tcp starting again"
Reply: Joe Matusiewicz: "Re: Scans for 17300/tcp starting again"
Reply: DeGennaro, Gregory: "RE: Scans for 17300/tcp starting again"
Reply: Esler, Joel Contractor: "RE: Scans for 17300/tcp starting again"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Thu Jul 31 2003 - 07:49:21 PDT