|
Security Incidents
mailing list archives
Re: TCP port 5000 syn increasing
From: Andreas <andreas () conectiva com br>
Date: Mon, 17 May 2004 12:31:31 -0300
On Sun, May 16, 2004 at 08:49:06PM -0400, Rohny Jotton wrote:
I'm seeing a large amount of these attempts starting around 1:00 PM EST
Sunday. They're getting blocked at the edge so I don't have any more info
than that. I'm seeing about one a second from various hosts/networks.
I'm seeing a lot of these too:
[root () maestro root]# grep DPT=5000 /var/log/messages|wc -l
1110
Examples:
May 16 16:32:22 bach kernel: drop_log_in_ext IN=ppp0 OUT= MAC= SRC=201.3.193.43 DST=X.X.X.X LEN=48 TOS=0x00 PREC=0x00
TTL=122 ID=30617 DF PROTO=TCP SPT=4039 DPT=5000 WINDOW=8760 RES=0x00 SYN URGP=0
May 16 16:40:27 bach kernel: drop_log_in_ext IN=ppp0 OUT= MAC= SRC=200.193.162.104 DST=X.X.X.X LEN=48 TOS=0x00
PREC=0x00 TTL=127 ID=59239 DF PROTO=TCP SPT=1540 DPT=5000 WINDOW=16384 RES=0x00 SYN URGP=0
May 16 16:43:12 bach kernel: drop_log_in_ext IN=ppp0 OUT= MAC= SRC=200.255.46.62 DST=X.X.X.X LEN=48 TOS=0x00 PREC=0x00
TTL=119 ID=54833 DF PROTO=TCP SPT=3355 DPT=5000 WINDOW=16384 RES=0x00 SYN URGP=0
May 16 16:43:26 bach kernel: drop_log_in_ext IN=ppp0 OUT= MAC= SRC=200.193.27.31 DST=X.X.X.X LEN=48 TOS=0x00 PREC=0x00
TTL=123 ID=14712 DF PROTO=TCP SPT=2046 DPT=5000 WINDOW=65535 RES=0x00 SYN URGP=0
It continues even today
---------------------------------------------------------------------------
----------------------------------------------------------------------------
 By Date 
By Thread
Current thread:
Re: TCP port 5000 syn increasing Leonardo (May 17)
| 
Intro
