
[Full-Disclosure] Massive Attacks from mistral.cz



Hi List, we got massive attacks from several mistral.cz hosts.
The attacks were blocked, but the interesting thing is the port range between
1000-2000.
Any new trojan/worm out?

Number:       63791
Date:             22Dec2003
Time:            15:48:14
Type:            Log
Service:        1740
Source:         r2aa191.mistral.cz (62.245.90.191)
Protocol:       tcp
Source Port: 2732
Information:  TCP packet out of state: First packet isn't SYN
                     tcp_flags: RST-ACK

Number:       63801
Date:             22Dec2003
Time:            15:49:09
Type:            Log
Service:        1752
Source:         h240.brno.mistral.cz (62.245.103.240)
Protocol:       tcp
Source Port: 2680
Information:  TCP packet out of state: First packet isn't SYN
                     tcp_flags: RST-ACK

Number:       75161
Date:             23Dec2003
Time:            16:52:22
Type:            Log
Action:          Drop
Service:        1841
Source:         r2d216.mistral.cz (62.245.67.216)
Protocol:       tcp
Source Port: Remote_Storm (1025)
Information:  TCP packet out of state: First packet isn't SYN
                     tcp_flags: RST-ACK

Merry X-Mas

Helmut Hauser
Systemadministration EDV

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
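
Added example (not part of the original post): a small Python parser for firewall log records in the layout pasted above. It tallies how many records fall in the 1000-2000 range the post mentions, which TCP flags appear, and which source /16 networks are involved. It assumes the "Service" field is the destination port; the sample is the post's three records trimmed to the fields used.

```python
import re
from collections import Counter

# Constructed sample: the post's three records, trimmed to the fields used below.
SAMPLE = """\
Service:        1740
Source:         r2aa191.mistral.cz (62.245.90.191)
Source Port: 2732
Information:  TCP packet out of state: First packet isn't SYN
                     tcp_flags: RST-ACK

Service:        1752
Source:         h240.brno.mistral.cz (62.245.103.240)
Source Port: 2680
Information:  TCP packet out of state: First packet isn't SYN
                     tcp_flags: RST-ACK

Service:        1841
Source:         r2d216.mistral.cz (62.245.67.216)
Source Port: Remote_Storm (1025)
Information:  TCP packet out of state: First packet isn't SYN
                     tcp_flags: RST-ACK
"""

def parse_records(text):
    # Records are separated by blank lines; each line is "Key: value".
    records = []
    for block in re.split(r"\n\s*\n", text.strip()):
        pairs = (line.strip().partition(":") for line in block.splitlines())
        records.append({k.strip(): v.strip() for k, sep, v in pairs if sep})
    return records

def port_number(value):
    # Accept a bare number or a named port such as "Remote_Storm (1025)".
    m = re.fullmatch(r"\d+", value) or re.search(r"\((\d+)\)$", value)
    return int(m.group(m.lastindex or 0)) if m else None

def summarize(records, lo=1000, hi=2000):
    # Assumption: "Service" is the destination port the packet was sent to.
    out = {"total": len(records), "in_range": 0, "flags": Counter(), "nets": Counter()}
    for rec in records:
        dport = port_number(rec.get("Service", ""))
        out["in_range"] += int(dport is not None and lo <= dport <= hi)
        out["flags"][rec.get("tcp_flags", "?")] += 1
        ip = re.search(r"\((\d+\.\d+)\.\d+\.\d+\)", rec.get("Source", ""))
        out["nets"][ip.group(1) + ".0.0/16" if ip else "?"] += 1
    return out

if __name__ == "__main__":
    print(summarize(parse_records(SAMPLE)))
```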