Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Security Incidents: Re: UDP Probes (?) from port 28432 to 28431 ?

Re: UDP Probes (?) from port 28432 to 28431 ?

From: Alexander Schreiber <Alexander.Schreiber_at_INFORMATIK.TU-CHEMNITZ.DE>
Date: Tue, 7 Mar 2000 15:12:27 +0100

Hi !

On Sat, 4 Mar 2000, Xander Jansen wrote:

> Has anyone seen UDP subnet-sweeps to port 28431 ? We've received a few
> reports the last months about rather persistent and recurring subnet-scans
> targetted at this specific port. All the probes are short UDP packets with
> source port 28432 and destination port 28431. Typical pattern is also that
> within a few seconds a complete subnet (/24 for example) is probed on this

Yes, a client of mine has two IP which are visible on the outside and they
are regularly receiving these probes (not exactly - the firewall on the border
is logging and dropping those packets). First detected on Jan 4 00:17:35
(MET), 27 attempts today, last Mar 6 19:41:25 (MET). The packets aimed
at the two visible IP's come in within one second.

Sources are Dialups all over the world (including one from the
Arabian Emirates) - as usual.

Regards,
       Alex. 

--
------------------------------------------------------------------------------
 EMail : als@thangorodrim.de              | WWW : http://www.thangorodrim.de/
 If privacy is outlawed, only outlaws will have | Ceterum censeo Parva Mollia
 privacy. (Philip Zimmerman, author of PGP)     | esse delendam.
Received on Mar 07 2000
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
edgeos