Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Security Incidents mailing list archives

Scanning from source Port 220 for Port 21
From: Jamey Dillon <jamey.dillon () comcast net>
Date: 31 Mar 2004 16:28:05 -0000


We have in the last 5 weeks seen an increase of scanning from port 220 to FTP. 
The traffic appears to follow the charachteristics of the Dameware scanning of months past.
Has anyone else noticed this on their networks? Do you have any idea what tool/worm may be used to cause this activity?

The traffic is usually 1-5 packets but lately has resulted in up to 55 packets.
See below:
RouterLogs  Mar 29 10:11:39 UTC: %SEC-6-IPACCESSLOGP: list outsiders permitted tcp X.X.139.150(220) -> X.X.230.252(21), 
52 packets 
RouterLogs  Mar 29 10:11:37 UTC: %SEC-6-IPACCESSLOGP: list outsiders permitted tcp X.X.139.150(220) -> X.X.232.251(21), 
52 packets 
RouterLogs  Mar 29 10:11:35 UTC: %SEC-6-IPACCESSLOGP: list outsiders permitted tcp X.X.139.150(220) -> X.X.230.251(21), 
52 packets 
RouterLogs  Mar 29 10:11:22 UTC: %SEC-6-IPACCESSLOGP: list outsiders permitted tcp X.X.139.150(220) -> X.X.232.250(21), 
52 packets 
RouterLogs  Mar 29 10:11:11 UTC: %SEC-6-IPACCESSLOGP: list outsiders permitted tcp X.X.139.150(220) -> X.X.230.250(21), 
52 packets 
RouterLogs  Mar 29 10:11:09 UTC: %SEC-6-IPACCESSLOGP: list outsiders permitted tcp X.X.139.150(220) -> X.X.230.254(21), 
1 packet 
RouterLogs  Mar 29 10:11:06 UTC: %SEC-6-IPACCESSLOGP: list outsiders permitted tcp X.X.139.150(220) -> X.X.230.253(21), 
1 packet 
RouterLogs  Mar 29 10:11:04 UTC: %SEC-6-IPACCESSLOGP: list outsiders permitted tcp X.X.139.150(220) -> X.X.230.248(21), 
52 packets 

Thanks..

---------------------------------------------------------------------------
Free 30-day trial: firewall with virus/spam protection, URL filtering, VPN,
wireless security

Protect your network against hackers, viruses, spam and other risks with Astaro
Security Linux, the comprehensive security solution that combines six
applications in one software solution for ease of use and lower total cost of
ownership.

Download your free trial at 
http://www.securityfocus.com/sponsor/Astaro_incidents_040301
----------------------------------------------------------------------------

  By Date           By Thread  

Current thread:
  • Scanning from source Port 220 for Port 21 Jamey Dillon (Mar 31)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]