[logs] Distributed attack on port 6398?

From: John Campbell (jcampbellat_private)
Date: Tue Mar 12 2002 - 12:13:41 PST

    Hi all,
    
    Very unusual activity noted on 3/11/2002:  hundreds of hosts packeting
    one of our DNS/email servers on port 6398.  Firewall bounced and logged
    everything.  Sources all over the map but the majority look like ISP end
    users.  Sources sent between 1 and 48 packets each.  Sorry, no packet
    trace - firewall just drops and logs.  Anybody seen anything like this?
    A couple of days earlier, we had a number of hits on the same box for 6346
    (Gnutella).
    
    Curious if anyone else has seen anything similar.
    
    John Campbell, GCWN
    Information Security Engineer
    Washington School Information Processing Cooperative
    (WSIPC)
    Email: jcampbellat_private
    
    


