Security Incidents
mailing list archives
RE: Packets destined for ports 6970 and 6972
From: "Bell, James (AZ76)" <James.Bell () honeywell com>
Date: Wed, 18 Jul 2001 13:14:09 -0700
That could be adware from RealAudio or Quicktime streaming server, I
believe, although I've never gotten as much as you report here. Invariably,
when I track the source, it's a streaming server that someone has been
using.
-----Original Message-----
From: Elliott Perrin [mailto:eperrin () bigorbit com]
Sent: Wednesday, July 18, 2001 8:20 AM
To: INCIDENTS () securityfocus com
Subject: Packets destined for ports 6970 and 6972
For the past two days I have seen connection attempts to my firewall to
UDP ports 6970 and 6972 in the order of about 3500 attempts from
each of about 10 different IP's.
Here is a quick snip.... (note I log in vain hence the reason these show up in my
messages)
Jul 18 10:00:06 fw1 /kernel: Connection attempt to UDP xxx.xxx.xxx.xxx:6970 from 63.228.31.233:6972
Jul 18 10:00:06 fw1 /kernel: Connection attempt to UDP xxx.xxx.xxx.xxx:6970 from 63.228.31.233:6972
Jul 18 10:00:06 fw1 /kernel: Connection attempt to UDP xxx.xxx.xxx.xxx:6972 from 63.228.31.233:6972
Jul 18 10:00:06 fw1 last message repeated 13 times
Today's messages log which started at Midnight is already at 35,000 lines
with the same as above only from different hosts. There are no services
running on my firewall, all servers run in a DMZ.
Just wondering if anyone else has seen this activity and has an idea about
what it may be, if this is a new attack or worm in the wild. My box is running
FreeBSD 4.3-STABLE and IPFILTER.
Cheers,
_________________________________
Elliott Perrin
Senior Systems Administrator
Biographix Corporation
eperrin () bigorbit com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see:
http://aris.securityfocus.com
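A triage sketch for the kind of log quoted in the thread, added here as an example and not part of either poster's message: it tallies UDP attempts to ports 6970 and 6972 per source and expands syslog's "last message repeated N times" lines, which otherwise hide most of the volume. The sample log is constructed with documentation-range addresses, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample in the message format quoted in the thread.
# Addresses are documentation ranges, not values from the original post.
SAMPLE_LOG = """\
Jul 18 10:00:06 fw1 /kernel: Connection attempt to UDP 192.0.2.1:6970 from 198.51.100.7:6972
Jul 18 10:00:06 fw1 /kernel: Connection attempt to UDP 192.0.2.1:6972 from 198.51.100.7:6972
Jul 18 10:00:06 fw1 last message repeated 13 times
Jul 18 10:00:07 fw1 /kernel: Connection attempt to UDP 192.0.2.1:6970 from 203.0.113.9:6970
Jul 18 10:00:08 fw1 ntpd[211]: unrelated constructed line
Jul 18 10:00:09 fw1 last message repeated 2 times
"""

ATTEMPT = re.compile(
    r"Connection attempt to UDP (?P<dst>\S+):(?P<dport>\d+) "
    r"from (?P<src>\S+):(?P<sport>\d+)"
)
REPEAT = re.compile(r"last message repeated (?P<n>\d+) times?")

def summarize(log_text, ports=(6970, 6972)):
    """Count attempts per (source IP, dest port), expanding syslog repeats."""
    counts = Counter()
    last_key = None  # set only when the previous message was a matching attempt
    for line in log_text.splitlines():
        rep = REPEAT.search(line)
        if rep:
            # syslogd collapsed N duplicates of the previous message into this line
            if last_key is not None:
                counts[last_key] += int(rep.group("n"))
            continue
        m = ATTEMPT.search(line)
        if m and int(m.group("dport")) in ports:
            last_key = (m.group("src"), int(m.group("dport")))
            counts[last_key] += 1
        else:
            last_key = None  # a following repeat line refers to something else
    return counts

def by_source(counts):
    """Collapse per-port counts into a total per source IP."""
    totals = Counter()
    for (src, _dport), n in counts.items():
        totals[src] += n
    return totals

if __name__ == "__main__":
    for src, n in by_source(summarize(SAMPLE_LOG)).most_common():
        print(f"{src}\t{n}")
```

Sorting sources by total makes it easy to check the heaviest senders first, for instance against streaming sessions started from inside the network, which is the explanation offered in the reply.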