In-Reply-To: <Law15-F50f3sllNY30k0001b928at_private>

Hello morgs,

>Is it just me or is anyone else getting nailed every 1 minute from various
>sources asking for a connection to port 2048. There seem to be various
>services that use this port including things like router configuration and
>ssh in some cases. Some new worm or virus maybe?
>

Every minute would be nice; there are a few million connections a day in our /19 net currently and the number is rapidly rising (since 2003-08-19).

Am I right that you get this information from a Cisco router or a non-Linux firewall?

I also wondered what port 2048/icmp would mean. The ICMP protocol doesn't implement ports, but the headers are similar to TCP and UDP. ICMP uses specific types and codes instead of ports. If you code "2048" to HEX, you get 0x8000, this means ICMP type 8, code 0, in words "echo request" aka "ping". It took me some time to figure out these connections are ordinary pings.

Anyway, they cause heavy load to our NetFlow-based accounting.

Does anybody have the same problems or even know where the scans come from?

Marcel
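An added example, not part of the original message: a short Python sketch that decodes the "port" value a flow exporter reports for ICMP and counts echo-request targets per source, which is how a ping sweep shows up in flow accounting. It assumes the exporter stores ICMP type * 256 + code in the destination-port field; the record layout, the sample flows (constructed, documentation addresses) and the threshold are assumptions.

```python
from collections import defaultdict

ICMP = 1  # IP protocol number for ICMP
ICMP_NAMES = {(0, 0): "echo reply", (8, 0): "echo request"}

# Constructed sample flow records: (src, dst, ip_protocol, dst_port_field)
SAMPLE_FLOWS = [
    ("192.0.2.10", "198.51.100.1", 1, 2048),
    ("192.0.2.10", "198.51.100.2", 1, 2048),
    ("192.0.2.10", "198.51.100.3", 1, 2048),
    ("192.0.2.10", "198.51.100.4", 1, 2048),
    ("192.0.2.77", "198.51.100.1", 1, 2048),
    ("198.51.100.1", "192.0.2.77", 1, 0),       # echo reply
    ("192.0.2.77", "198.51.100.9", 6, 2048),    # TCP: a real port 2048
    ("203.0.113.5", "198.51.100.2", 1, 771),    # ICMP type 3, code 3
]

def decode_icmp(port_field):
    """Split the exporter's 16-bit 'port' value into (type, code)."""
    if not 0 <= port_field <= 0xFFFF:
        raise ValueError("port field must fit in 16 bits")
    return port_field >> 8, port_field & 0xFF

def describe(proto, port_field):
    """Human-readable meaning of the port field for a given IP protocol."""
    if proto != ICMP:
        return f"port {port_field}"
    icmp_type, code = decode_icmp(port_field)
    return ICMP_NAMES.get((icmp_type, code),
                          f"icmp type {icmp_type} code {code}")

def ping_sweepers(flows, min_targets=3):
    """Map each source to its count of distinct echo-request targets,
    keeping only sources at or above min_targets (assumed threshold)."""
    targets = defaultdict(set)
    for src, dst, proto, port_field in flows:
        if proto == ICMP and decode_icmp(port_field) == (8, 0):
            targets[src].add(dst)
    return {s: len(d) for s, d in targets.items() if len(d) >= min_targets}

if __name__ == "__main__":
    for src, dst, proto, port_field in SAMPLE_FLOWS:
        print(src, "->", dst, describe(proto, port_field))
    print("possible sweepers:", ping_sweepers(SAMPLE_FLOWS))
```

Checking the protocol number before interpreting the field matters: the same value 2048 on a TCP or UDP flow is an ordinary port.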
This archive was generated by hypermail 2b30 : Sat Aug 23 2003 - 13:57:57 PDT