Over the past 2 weeks we've started to receive some pretty
strange traffic which has been stopped at our border. The
$TARGET host in each case is the same.
Q. Has anyone seen anything like this? Any thoughts??
thx.
Aug 22 16:42:04 8/0/icmp $TARGET <- 204.71.128.148 98
Aug 22 16:42:06 8/0/icmp $TARGET <- 204.71.128.148 98
Aug 22 16:42:15 tcp $TARGET;22 <- 204.71.128.148;1024 54 syn
Aug 22 16:42:20 tcp $TARGET;22 <- 204.71.128.148;1024 54 syn
Aug 22 16:42:25 tcp $TARGET;53 <- 204.71.128.148;1024 54 syn
Aug 22 16:42:30 tcp $TARGET;123 <- 204.71.128.148;1024 54 syn
Aug 22 16:42:35 tcp $TARGET;113 <- 204.71.128.148;1024 54 syn
Aug 25 14:38:33 8/0/icmp $TARGET <- 204.71.128.148 98
Aug 25 14:38:34 8/0/icmp $TARGET <- 204.71.128.148 98
Aug 25 14:38:44 tcp $TARGET;22 <- 204.71.128.148;1024 54 syn
Aug 25 14:38:49 tcp $TARGET;22 <- 204.71.128.148;1024 54 syn
Aug 25 14:38:54 tcp $TARGET;53 <- 204.71.128.148;1024 54 syn
Aug 25 14:38:59 tcp $TARGET;123 <- 204.71.128.148;1024 54 syn
Aug 25 14:39:04 tcp $TARGET;113 <- 204.71.128.148;1024 54 syn
Aug 27 13:59:02 8/0/icmp $TARGET <- 204.71.128.148 98
Aug 27 13:59:03 8/0/icmp $TARGET <- 204.71.128.148 98
Aug 27 13:59:13 tcp $TARGET;22 <- 204.71.128.148;1024 54 syn
Aug 27 13:59:18 tcp $TARGET;22 <- 204.71.128.148;1024 54 syn
Aug 27 13:59:23 tcp $TARGET;53 <- 204.71.128.148;1024 54 syn
Aug 27 13:59:28 tcp $TARGET;123 <- 204.71.128.148;1024 54 syn
Aug 27 13:59:33 tcp $TARGET;113 <- 204.71.128.148;1024 54 syn
Aug 29 14:01:46 8/0/icmp $TARGET <- 204.71.128.148 98
Aug 29 14:01:47 8/0/icmp $TARGET <- 204.71.128.148 98
Aug 29 14:01:57 tcp $TARGET;22 <- 204.71.128.148;1024 54 syn
Aug 29 14:02:03 tcp $TARGET;22 <- 204.71.128.148;1024 54 syn
Aug 29 14:02:07 tcp $TARGET;53 <- 204.71.128.148;1024 54 syn
Aug 29 14:02:12 tcp $TARGET;123 <- 204.71.128.148;1024 54 syn
Aug 29 14:02:17 tcp $TARGET;113 <- 204.71.128.148;1024 54 syn
Aug 31 14:57:16 8/0/icmp $TARGET <- 204.71.128.148 98
Aug 31 14:57:16 8/0/icmp $TARGET <- 204.71.128.148 98
Aug 31 14:57:26 tcp $TARGET;22 <- 204.71.128.148;1024 54 syn
Aug 31 14:57:31 tcp $TARGET;22 <- 204.71.128.148;1024 54 syn
Aug 31 14:57:36 tcp $TARGET;53 <- 204.71.128.148;1024 54 syn
Aug 31 14:57:41 tcp $TARGET;123 <- 204.71.128.148;1024 54 syn
Aug 31 14:57:46 tcp $TARGET;113 <- 204.71.128.148;1024 54 syn
Sep 1 10:45:39 8/0/icmp $TARGET <- 216.34.77.12 98
Sep 1 10:45:40 8/0/icmp $TARGET <- 216.34.77.12 98
Sep 1 10:45:50 tcp $TARGET;22 <- 216.34.77.12;1024 54 syn
Sep 1 10:45:55 tcp $TARGET;22 <- 216.34.77.12;1024 54 syn
Sep 1 10:46:00 tcp $TARGET;53 <- 216.34.77.12;1024 54 syn
Sep 1 10:46:05 tcp $TARGET;123 <- 216.34.77.12;1024 54 syn
Sep 1 10:46:10 tcp $TARGET;113 <- 216.34.77.12;1024 54 syn
Sep 2 16:45:29 8/0/icmp $TARGET <- 204.71.128.148 98
Sep 2 16:45:30 8/0/icmp $TARGET <- 204.71.128.148 98
Sep 2 16:45:40 tcp $TARGET;22 <- 204.71.128.148;1024 54 syn
Sep 2 16:45:45 tcp $TARGET;22 <- 204.71.128.148;1024 54 syn
Sep 2 16:45:50 tcp $TARGET;53 <- 204.71.128.148;1024 54 syn
Sep 2 16:45:55 tcp $TARGET;123 <- 204.71.128.148;1024 54 syn
Sep 2 16:46:00 tcp $TARGET;113 <- 204.71.128.148;1024 54 syn
Sep 3 12:49:38 8/0/icmp $TARGET <- 216.34.77.12 98
Sep 3 12:49:39 8/0/icmp $TARGET <- 216.34.77.12 98
Sep 3 12:49:49 tcp $TARGET;22 <- 216.34.77.12;1024 54 syn
Sep 3 12:49:54 tcp $TARGET;22 <- 216.34.77.12;1024 54 syn
Sep 3 12:49:58 tcp $TARGET;53 <- 216.34.77.12;1024 54 syn
Sep 3 12:50:03 tcp $TARGET;123 <- 216.34.77.12;1024 54 syn
Sep 3 12:50:08 tcp $TARGET;113 <- 216.34.77.12;1024 54 syn
Sep 4 19:08:58 8/0/icmp $TARGET <- 204.71.128.148 98
Sep 4 19:08:59 8/0/icmp $TARGET <- 204.71.128.148 98
Sep 4 19:09:09 tcp $TARGET;22 <- 204.71.128.148;1024 54 syn
Sep 4 19:09:14 tcp $TARGET;22 <- 204.71.128.148;1024 54 syn
Sep 4 19:09:19 tcp $TARGET;53 <- 204.71.128.148;1024 54 syn
Sep 4 19:09:24 tcp $TARGET;123 <- 204.71.128.148;1024 54 syn
Sep 4 19:09:29 tcp $TARGET;113 <- 204.71.128.148;1024 54 syn
Sep 5 15:28:51 8/0/icmp $TARGET <- 216.34.77.12 98
Sep 5 15:28:52 8/0/icmp $TARGET <- 216.34.77.12 98
Sep 5 15:29:02 tcp $TARGET;22 <- 216.34.77.12;1024 54 syn
Sep 5 15:29:07 tcp $TARGET;22 <- 216.34.77.12;1024 54 syn
Sep 5 15:29:12 tcp $TARGET;53 <- 216.34.77.12;1024 54 syn
Sep 5 15:29:17 tcp $TARGET;123 <- 216.34.77.12;1024 54 syn
Sep 5 15:29:22 tcp $TARGET;113 <- 216.34.77.12;1024 54 syn
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
Received on Sep 06 2001
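
Added example, not part of the original post: a Python parser for the log format shown above that groups entries into per-source bursts and counts how often each exact probe sequence recurs. The function names, the 60-second burst gap, and the year 2001 (taken from the "Received on" date, since the log lines carry no year) are assumptions.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Two bursts taken from the log in the post, one per source address.
SAMPLE = """\
Aug 22 16:42:04 8/0/icmp $TARGET <- 204.71.128.148 98
Aug 22 16:42:06 8/0/icmp $TARGET <- 204.71.128.148 98
Aug 22 16:42:15 tcp $TARGET;22 <- 204.71.128.148;1024 54 syn
Aug 22 16:42:20 tcp $TARGET;22 <- 204.71.128.148;1024 54 syn
Aug 22 16:42:25 tcp $TARGET;53 <- 204.71.128.148;1024 54 syn
Aug 22 16:42:30 tcp $TARGET;123 <- 204.71.128.148;1024 54 syn
Aug 22 16:42:35 tcp $TARGET;113 <- 204.71.128.148;1024 54 syn
Sep 1 10:45:39 8/0/icmp $TARGET <- 216.34.77.12 98
Sep 1 10:45:40 8/0/icmp $TARGET <- 216.34.77.12 98
Sep 1 10:45:50 tcp $TARGET;22 <- 216.34.77.12;1024 54 syn
Sep 1 10:45:55 tcp $TARGET;22 <- 216.34.77.12;1024 54 syn
Sep 1 10:46:00 tcp $TARGET;53 <- 216.34.77.12;1024 54 syn
Sep 1 10:46:05 tcp $TARGET;123 <- 216.34.77.12;1024 54 syn
Sep 1 10:46:10 tcp $TARGET;113 <- 216.34.77.12;1024 54 syn
"""

# Either "type/code/icmp dst <- src len" or "tcp dst;dport <- src;sport len flags".
LINE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) "
    r"(?:(?P<icmp>\d+/\d+)/icmp \S+ <- (?P<isrc>[\d.]+) \d+"
    r"|tcp \S+;(?P<dport>\d+) <- (?P<tsrc>[\d.]+);(?P<sport>\d+) \d+ (?P<flags>\w+))"
    r"[ \t]*$", re.M)

# Yields (timestamp, source, event); lines in any other format are skipped.
def parse(text, year=2001):
    for m in LINE.finditer(text):
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        ev = f"icmp {m['icmp']}" if m["icmp"] else f"tcp/{m['dport']} {m['flags']} sport={m['sport']}"
        yield ts, m["isrc"] or m["tsrc"], ev

# A burst is a run of events from one source with no pause longer than `gap`.
def bursts(text, gap=timedelta(seconds=60)):
    out, last = [], {}
    for ts, src, ev in sorted(parse(text), key=lambda e: e[0]):
        b = last.get(src)
        if b is None or ts - b["end"] > gap:
            b = last[src] = {"src": src, "start": ts, "events": []}
            out.append(b)
        b["events"].append(ev)
        b["end"] = ts
    return out

def signature_counts(text):  # ordered event sequence -> number of bursts showing it
    return Counter(tuple(b["events"]) for b in bursts(text))
```

Running signature_counts over the full border log shows whether every burst, from either source address, carries the same ordered sequence; a burst that deviates stands out as a separate key.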