[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Fw: [Full-Disclosure] sharp increase on 27347/TCP
- To: full-disclosure@netsys.com
- Subject: Re: Fw: [Full-Disclosure] sharp increase on 27347/TCP
- From: Eric Bowser <ebowser@i-trap.net>
- Date: Wed, 29 Oct 2003 09:13:56 -0500
The IDS sensors I have outside the firewall only detected SYN packets
since the ports were blocked by the firewall.
On Wed, 2003-10-29 at 00:28, SPAM wrote:
> Same here.. but now it's dropping as fast as it raises.. did anyone manage
> to capture what's inside?
>
>
> ----- Original Message -----
> From: "Eric Bowser" <ebowser@i-trap.net>
> To: <full-disclosure@lists.netsys.com>
> Sent: Wednesday, October 29, 2003 4:51 AM
> Subject: Re: [Full-Disclosure] sharp increase on 27347/TCP
>
>
> > That's what I thought at first, but why the sudden interest in 27374
> > then? Also, incidents.org is showing 200+ sources... that a whole
> > state's worth of dyslexic people...
> >
> > Incidents.org is now showing 1.1 million hits today alone. Something
> > big just came out, but I can't figure out what...
> >
> >
> > On Tue, 2003-10-28 at 16:09, Will Image wrote:
> > > oh no its a dyslexic pereson scannin for Sub7!!! (27374)
> > >
> > > bah
> > >
> > > Joshua Levitsky <jlevitsk@joshie.com> wrote:
> > > http://isc.incidents.org/port_details.html?port=27347
> > >
> > > I'd say probably something is coming... that's a pretty sharp
> > > spike on the
> > > graph.
> > >
> > > -Josh
> > >
> > > --
> > > Joshua Levitsky, MCSE, CISSP
> > > System Engineer
> > > Time Inc. Information Technology
> > > [5957 F27C 9C71 E9A7 274A 0447 C9B9 75A4 9B41 D4D1]
> > >
> > > ----- Original Message -----
> > > From: "Eric Bowser"
> > > To:
> > > Sent: Tuesday, October 28, 2003 12:44 PM
> > > Subject: [Full-Disclosure] sharp increase on 27347/TCP
> > >
> > >
> > > > I've noticed a sharp increase in probes of port 27347/TCP
> > > against our
> > > > equipment over the past couple of days. Zero hits for weeks,
> > > 58
> > > > yesterday, and 224 so far today. Incidents.org seems to
> > > confirm this,
> > > > very light activity for weeks, and suddenly 781,000
> > > yesterday and
> > > > 938,000 so far today.
> > > >
> > > &! gt; Has anybody else seen this?
> > > >
> > > > --
> > > > Eric J. Bowser
> > > > 330.658.9858 direct
> > > > 330.658.0123 fax
> > > >
> > > > i-TRAP Internet Security Services
> > > > 888-658-TRAP toll-free
> > > > 330.658.1040 local
> > > > www.i-trap.net
> > > >
> > > > _______________________________________________
> > > > Full-Disclosure - We believe in it.
> > > > Charter:
> > > http://lists.netsys.com/full-disclosure-charter.html
> > > >
> > >
> > > _______________________________________________
> > > Full-Disclosure - We believe in it.
> > > Charter: http://lists.netsys.com/full-disclosure-charter.html
> > >
> > > ______________________________________________________________________
> > > Do you Yahoo!?
> > > Exclusive Video Premiere - Britney Spears
> > --
> > Eric J. Bowser
> > 330.658.9858 direct
> > 330.658.0123 fax
> >
> > i-TRAP Internet Security Services
> > 888-658-TRAP toll-free
> > 330.658.1040 local
> > www.i-trap.net
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.netsys.com/full-disclosure-charter.html
>
>
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
--
Eric J. Bowser
330.658.9858 direct
330.658.0123 fax
i-TRAP Internet Security Services
888-658-TRAP toll-free
330.658.1040 local
www.i-trap.net
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html