In-Reply-To: <Law15-F50f3sllNY30k0001b928at_private>

We are seeing the same thing on our routers. What is troubling me is that it is incrementing the dest ip by one each second. Like it is scanning. It is scanning internal and external networks. Most traced to Asian countries. Anyone else seeing this?

>From: "morgs ." <morgs808at_private>
>To: incidentsat_private
>Subject: ICMP port 2048 scans
>Date: Wed, 20 Aug 2003 12:17:12 +1000
>Message-ID: <Law15-F50f3sllNY30k0001b928at_private>
>
>Is it just me or is anyone else getting nailed every 1 minute from various
>sources asking for a connection to port 2048. There seem to be various
>services that use this port including things like router configuration and
>ssh in some cases. Some new worm or virus maybe?
This archive was generated by hypermail 2b30 : Sat Aug 23 2003 - 14:05:06 PDT