It might be noted that the connection is originating from TCP port 20, the
FTP data port and is likely an FTP bounce scan as described by Hobbit and
implemented in nmap.
Ex Machina (xm@geekmafia.dynip.com) http://geekmafia.dynip.com/~xm/
phone: 1-877-LPT-WHIP icq: 3387005 aim: ExMachina
GnuPG Keyprint: 0627 C3A8 DE25 F7FB 46BD 4870 2006 CF7F EBDA 949D
On Tue, 13 Jun 2000, Paul Rogers wrote:
> Date: Tue, 13 Jun 2000 09:02:46 +0100
> From: Paul Rogers <paul.rogers_at_MIS-CDS.COM>
> To: INCIDENTS_at_SECURITYFOCUS.COM
> Subject: Re: scan log
>
> Hi,
>
> TCP port 2638 is the default port for Sybase's Adaptive Server Anywhere
> version 6.x Database Server software. I think you'll find that the scanner
> was looking for an active Sybase database server on your system.
>
> HTH,
>
> Paul Rogers,
> Network Security Analyst.
>
> MIS Corporate Defence Solutions Limited
>
> Tel: +44 (0)1622 723422 (Direct Line)
> +44 (0)1622 723400 (Switchboard)
> Fax: +44 (0)1622 728580
> Website: http://www.mis-cds.com/
>
> -----Original Message-----
> From: Max Gribov [mailto:mgribov_at_KPLAB.COM]
> Sent: Monday, June 12, 2000 4:31 AM
> To: INCIDENTS_at_SECURITYFOCUS.COM
> Subject: scan log
>
>
> These are logs of a port scan I have recently received on one of my
> machines. I searched for those ports in all port databases known to me,
> but couldn't find anything. Why would someone scan that specific range
> (observe the precise incrementation) of ports on a Linux machine?
>
> Jun 11 22:20:21 mordor scanlogd: From 209.3.31.70:20 to 151.202.106.23
> ports 2632, 2633, 2634, 2635, 2636, 2637, 2638, 2639, 2640, ..., flags
> ??r??u, TOS 00, TTL 60, started at 22:20:13
>
>
> --
> Max Gribov
> System Administrator
>
> Knowledge Propulsion Laboratories
> www.kplab.com
>
Received on Jun 14 2000
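
The triage discussed in this thread, as an added example that is not part of any of the original messages: a parser for the scanlogd line quoted above that flags source port 20 and a consecutive port sweep. The regular expression assumes the line format exactly as quoted, and `PORT_NOTES` is a hypothetical lookup table holding only the port identification given in the thread.

```python
import re

# The scanlogd line from the thread, rejoined onto one line (mail wrapping removed).
SAMPLE = ("Jun 11 22:20:21 mordor scanlogd: From 209.3.31.70:20 to 151.202.106.23 "
          "ports 2632, 2633, 2634, 2635, 2636, 2637, 2638, 2639, 2640, ..., flags "
          "??r??u, TOS 00, TTL 60, started at 22:20:13")

LINE_RE = re.compile(
    r"scanlogd: From (?P<src>[\d.]+):(?P<sport>\d+) to (?P<dst>[\d.]+) "
    r"ports (?P<ports>[\d, ]+?)(?P<more>, \.\.\.)?, flags (?P<flags>\S+), "
    r"TOS (?P<tos>[0-9a-fA-F]+), TTL (?P<ttl>\d+), started at (?P<start>[\d:]+)")

# Port notes taken from the thread only (hypothetical lookup table).
PORT_NOTES = {2638: "Sybase Adaptive Server Anywhere 6.x default port"}
FTP_DATA_PORT = 20


def parse_scanlogd(line):
    """Return a dict of fields from one scanlogd line, or None if it does not match."""
    m = LINE_RE.search(line)
    if not m:
        return None
    ports = [int(p) for p in m["ports"].split(",") if p.strip()]
    return {"src": m["src"], "sport": int(m["sport"]), "dst": m["dst"],
            "ports": ports, "truncated": m["more"] is not None,
            "flags": m["flags"], "ttl": int(m["ttl"]), "start": m["start"]}


def triage(event):
    """Return analyst notes for a parsed event."""
    notes = []
    if event["sport"] == FTP_DATA_PORT:
        notes.append("source port 20 (FTP data): possible FTP bounce; "
                     "source address may be a relaying FTP server")
    ports = event["ports"]
    if len(ports) > 2 and all(b - a == 1 for a, b in zip(ports, ports[1:])):
        notes.append(f"sequential sweep {ports[0]}-{ports[-1]}"
                     + (" (list truncated by scanlogd)" if event["truncated"] else ""))
    for p in ports:
        if p in PORT_NOTES:
            notes.append(f"port {p}: {PORT_NOTES[p]}")
    return notes


if __name__ == "__main__":
    for note in triage(parse_scanlogd(SAMPLE)):
        print(note)
```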