RE: [Full-Disclosure] TCP Port 42 port scans? What the heck over...
- To: "Full-Disclosure (E-mail)" <full-disclosure@xxxxxxxxxxxxxxxx>
- Subject: RE: [Full-Disclosure] TCP Port 42 port scans? What the heck over...
- From: "Dolan, Patrick" <Patrick.Dolan@xxxxxxxx>
- Date: Mon, 13 Dec 2004 11:13:02 -0600
Could perhaps be the beginning of a worm/cracker searching for the WINS
vulnerability.
http://www.securityfocus.com/archive/1/382414
Patrick Dolan
Information Security Analyst
-----Original Message-----
From: James Lay [mailto:jlay@xxxxxxxxxxxx]
Sent: Monday, December 13, 2004 7:47 AM
To: Full-Disclosure (E-mail)
Subject: [Full-Disclosure] TCP Port 42 port scans? What the heck over...
Here they be. ODD. Anyone else seeing this?
Dec 13 06:41:49 gateway kernel: Web netrecall drops:IN=br0 OUT=br0 PHYSIN=eth1 PHYSOUT=eth0 SRC=131.252.116.141 DST=10.1.19.1 LEN=40 TOS=0x00 PREC=0x00 TTL=116 ID=57370 DF PROTO=TCP SPT=6000 DPT=42 WINDOW=65535 RES=0x00 SYN URGP=0
Dec 13 06:41:49 gateway kernel: Web1 drops:IN=br0 OUT=br0 PHYSIN=eth1 PHYSOUT=eth0 SRC=131.252.116.141 DST=10.1.18.1 LEN=40 TOS=0x00 PREC=0x00 TTL=116 ID=57370 DF PROTO=TCP SPT=6000 DPT=42 WINDOW=65535 RES=0x00 SYN URGP=0
Dec 13 06:41:49 gateway kernel: Web netrecall drops:IN=br0 OUT=br0 PHYSIN=eth1 PHYSOUT=eth0 SRC=131.252.116.141 DST=10.1.19.4 LEN=40 TOS=0x00 PREC=0x00 TTL=116 ID=57370 DF PROTO=TCP SPT=6000 DPT=42 WINDOW=65535 RES=0x00 SYN URGP=0
Dec 13 06:41:49 workbox kernel: IN=eth0 OUT= MAC=00:60:97:a5:76:36:00:10:7b:90:bc:30:08:00 SRC=131.252.116.141 DST=10.1.200.10 LEN=40 TOS=0x00 PREC=0x00 TTL=116 ID=57370 DF PROTO=TCP SPT=6000 DPT=42 WINDOW=65535 RES=0x00 SYN URGP=0
Dec 13 06:41:49 gateway kernel: Web netrecall drops:IN=br0 OUT=br0 PHYSIN=eth1 PHYSOUT=eth0 SRC=131.252.116.141 DST=10.1.19.7 LEN=40 TOS=0x00 PREC=0x00 TTL=116 ID=57370 DF PROTO=TCP SPT=6000 DPT=42 WINDOW=65535 RES=0x00 SYN URGP=0
Dec 13 06:41:49 gateway kernel: X12 drops:IN=br0 OUT=br0 PHYSIN=eth1 PHYSOUT=eth0 SRC=131.252.116.141 DST=10.1.20.14 LEN=40 TOS=0x00 PREC=0x00 TTL=116 ID=57370 DF PROTO=TCP SPT=6000 DPT=42 WINDOW=65535 RES=0x00 SYN URGP=0
Dec 13 06:41:49 gateway kernel: Web netrecall drops:IN=br0 OUT=br0 PHYSIN=eth1 PHYSOUT=eth0 SRC=131.252.116.141 DST=10.1.19.2 LEN=40 TOS=0x00 PREC=0x00 TTL=116 ID=57370 DF PROTO=TCP SPT=6000 DPT=42 WINDOW=65535 RES=0x00 SYN URGP=0
Dec 13 06:41:49 gateway kernel: Htpedi drops:IN=br0 OUT=br0 PHYSIN=eth1 PHYSOUT=eth0 SRC=131.252.116.141 DST=10.1.20.17 LEN=40 TOS=0x00 PREC=0x00 TTL=116 ID=57370 DF PROTO=TCP SPT=6000 DPT=42 WINDOW=65535 RES=0x00 SYN URGP=0
Dec 13 06:41:49 gateway kernel: Edirecall drops:IN=br0 OUT=br0 PHYSIN=eth1 PHYSOUT=eth0 SRC=131.252.116.141 DST=10.1.20.12 LEN=40 TOS=0x00 PREC=0x00 TTL=116 ID=57370 DF PROTO=TCP SPT=6000 DPT=42 WINDOW=65535 RES=0x00 SYN URGP=0
James Lay
Network Manager/Security Officer
AmeriBen Solutions/IEC Group
Deo Gloria!!!
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
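
A defender's check for the pattern in the quoted logs, as an added example that is not part of the original thread: it groups bare SYNs in netfilter LOG lines by source and destination port and reports any source that probed several hosts on one port. The function name, the `min_targets` threshold and the sample lines are assumptions made for this illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in the netfilter LOG format quoted above; the
# addresses are documentation/private ranges, not hosts from the thread.
SAMPLE = """\
Dec 13 06:41:49 gateway kernel: Web1 drops:IN=br0 OUT=br0 SRC=192.0.2.77 DST=10.1.18.1 LEN=40 TTL=116 ID=57370 DF PROTO=TCP SPT=6000 DPT=42 WINDOW=65535 RES=0x00 SYN URGP=0
Dec 13 06:41:49 gateway kernel: Web2 drops:IN=br0 OUT=br0 SRC=192.0.2.77 DST=10.1.19.4 LEN=40 TTL=116 ID=57370 DF PROTO=TCP SPT=6000 DPT=42 WINDOW=65535 RES=0x00 SYN URGP=0
Dec 13 06:41:49 workbox kernel: IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=192.0.2.77 DST=10.1.200.10 LEN=40 TTL=116 ID=57370 DF PROTO=TCP SPT=6000 DPT=42 WINDOW=65535 RES=0x00 SYN URGP=0
Dec 13 06:41:49 gateway kernel: X12 drops:IN=br0 OUT=br0 SRC=192.0.2.77 DST=10.1.20.14 LEN=40 TTL=116 ID=57370 DF PROTO=TCP SPT=6000 DPT=42 WINDOW=65535 RES=0x00 SYN URGP=0
Dec 13 06:41:50 gateway kernel: Web1 drops:IN=br0 OUT=br0 SRC=198.51.100.5 DST=10.1.18.1 LEN=60 TTL=52 ID=4411 DF PROTO=TCP SPT=51812 DPT=42 WINDOW=5840 RES=0x00 SYN URGP=0
"""

FIELD = re.compile(r"([A-Z]+)=(\S*)")  # KEY=value pairs; value may be empty (OUT=)


def find_sweeps(lines, min_targets=3):
    """Group bare SYNs by (source, destination port) and report sources that
    touched at least min_targets distinct hosts on one port."""
    targets, sigs = defaultdict(set), defaultdict(set)
    for line in lines:
        f = dict(FIELD.findall(line))
        words = line.split()
        # Only connection attempts: TCP, SYN set, ACK not set.
        if f.get("PROTO") != "TCP" or "SYN" not in words or "ACK" in words:
            continue
        key = (f["SRC"], int(f["DPT"]))
        targets[key].add(f["DST"])           # set: a packet logged twice counts once
        sigs[key].add((f["ID"], f["SPT"]))   # header values reused across probes
    return [
        {"src": src, "dport": dport, "targets": len(dsts),
         # Heuristic (assumption): one IP ID and source port reused for every
         # probe suggests tool-built packets rather than a normal TCP stack.
         "fixed_header": len(sigs[(src, dport)]) == 1}
        for (src, dport), dsts in targets.items() if len(dsts) >= min_targets
    ]


if __name__ == "__main__":
    for hit in find_sweeps(SAMPLE.splitlines()):
        print(hit)
```

Feed it one log entry per line; entries wrapped by a mail client need to be rejoined first.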