Security Incidents: unusual traffic

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Security Incidents mailing list archives

unusual traffic - port 60295

From: jdurick <jdurick () mitre org>
Date: Wed, 24 Mar 2004 22:46:50 -0500

I am seeing alot of hits to my external fw int at home to port60295/tcp, a quick google search says mailscanner, anyone else seeingthis type of traffic or can make sense of it? When I check on the hitcount (unique) - ra -nr all.arg | awk '{print $6}' | cut -d\. -f1-4|sort|uniq -c |sort -rn|head - I get 1165 hits from midnight (today) till10pm (today) from 67.162.208.7...


--snip--

24 Mar 04 22:16:35 tcp 67.162.208.71.91 ?>xx.xx.xxx.xxx.60295 RST24 Mar 04 22:16:35 tcp 67.162.208.71.482 ?>xx.xx.xxx.xxx.60295 RST24 Mar 04 22:16:35 tcp 67.162.208.71.38037 ?>xx.xx.xxx.xxx.60295 RST24 Mar 04 22:16:35 tcp 67.162.208.71.4480 ?>xx.xx.xxx.xxx.60295 RST24 Mar 04 22:16:35 tcp 67.162.208.71.895 ?>xx.xx.xxx.xxx.60295 RST24 Mar 04 22:16:35 tcp 67.162.208.71.13702 ?>xx.xx.xxx.xxx.60295 RST24 Mar 04 22:16:35 tcp 67.162.208.71.125 ?>xx.xx.xxx.xxx.60295 RST24 Mar 04 22:16:35 tcp 67.162.208.71.3128 ?>xx.xx.xxx.xxx.60295 RST24 Mar 04 22:16:35 tcp 67.162.208.71.339 ?>xx.xx.xxx.xxx.60295 RST24 Mar 04 22:16:35 tcp 67.162.208.71.985 ?>xx.xx.xxx.xxx.60295 RST24 Mar 04 22:16:35 tcp 67.162.208.71.13718 ?>xx.xx.xxx.xxx.60295 RST24 Mar 04 22:16:34 tcp 67.162.208.71.725 ?>xx.xx.xxx.xxx.60295 RST24 Mar 04 22:16:34 tcp 67.162.208.71.990 ?>xx.xx.xxx.xxx.60295 RST24 Mar 04 22:16:34 tcp 67.162.208.71.1351 ?>xx.xx.xxx.xxx.60295 RST24 Mar 04 22:16:34 tcp 67.162.208.71.994 ?>xx.xx.xxx.xxx.60295 RST24 Mar 04 22:16:34 tcp 67.162.208.71.485 ?>xx.xx.xxx.xxx.60295 RST24 Mar 04 22:16:34 tcp 67.162.208.71.3052 ?>xx.xx.xxx.xxx.60295 RST24 Mar 04 22:16:34 tcp 67.162.208.71.674 ?>xx.xx.xxx.xxx.60295 RST24 Mar 04 22:16:36 tcp 67.162.208.71.708 ?>xx.xx.xxx.xxx.60295 RST24 Mar 04 22:16:36 tcp 67.162.208.71.333 ?>xx.xx.xxx.xxx.60295 RST24 Mar 04 22:16:36 tcp 67.162.208.71.943 ?>xx.xx.xxx.xxx.60295 RST24 Mar 04 22:16:36 tcp 67.162.208.71.14 ?>xx.xx.xxx.xxx.60295 RST24 Mar 04 22:16:36 tcp 67.162.208.71.486 ?>xx.xx.xxx.xxx.60295 RST24 Mar 04 22:16:36 tcp 67.162.208.71.188 ?>xx.xx.xxx.xxx.60295 RST24 Mar 04 22:16:36 tcp 67.162.208.71.27007 ?>xx.xx.xxx.xxx.60295 RST24 Mar 04 22:16:36 tcp 67.162.208.71.830 ?>xx.xx.xxx.xxx.60295 RST24 Mar 04 22:16:36 tcp 67.162.208.71.6111 ?>xx.xx.xxx.xxx.60295 RST24 Mar 04 22:16:36 tcp 67.162.208.71.349 ?>xx.xx.xxx.xxx.60295 RST

--snip--

tia, jd


---------------------------------------------------------------------------
Free 30-day trial: firewall with virus/spam protection, URL filtering, VPN,
wireless security

Protect your network against hackers, viruses, spam and other risks with Astaro
Security Linux, the comprehensive security solution that combines six
applications in one software solution for ease of use and lower total cost of
ownership.

Download your free trial athttp://www.securityfocus.com/sponsor/Astaro_incidents_040301

----------------------------------------------------------------------------

By Date By Thread

Current thread:

unusual traffic - port 60295 jdurick (Mar 25)