Security Basics mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Increase in UDP Port Scans

From: "Cesar Osorio" <COsorio () awb com au>
Date: Tue, 12 Aug 2003 10:03:11 +1000

Ranjeet,

There is a Microsoft worm on the wild,  and for what you are saying it
seems like some of  your clients are infected with it, check Mcaffee or
Sophos or ther vendors websites they have instructions on how to remove it,
I hope you are using a good virus scanner.

make sure you have a firewall protecting your users and block all incomming
to via port 135-139, 445 , anyway read on.

Hope this helps..

.......wait I will send you a link
https://tms.symantec.com/members/AnalystReports/030811-Alert-DCOMworm.pdf



Cesar Osorio



                                                                                                       
                      Ranjeet Shetye                                                                   
                      <ranjeet.shetye2@         To:      security-basics () securityfocus com             
                      zultys.com>               cc:                                                    
                                                Subject: Re: Increase in UDP Port Scans                
                      12/08/2003 09:25                                                                 
                                                                                                       
                                                                                                       




On Mon, 2003-08-11 at 08:19, Gordon Brandt wrote:

I have noticed the following port scans lately on my network

08/11/2003 05:14:22.112 -          Possible Port Scan -

Source:24.52.108.213, 1745,

WAN -            Destination:255.255.255.255, 7782, LAN -

UDP scanned port list,

8777, 8777, 7778, 7779, 7780 -
08/11/2003 05:14:22.128 -          Probable Port Scan -

Source:24.52.108.213, 1745,

WAN -            Destination:255.255.255.255, 7787, LAN -

UDP scanned port list,

8777, 8777, 7778, 7779, 7780, 7781, 7782, 7783, 7784, 7785 -


I did a little digging with google, and it appears that these ports are

used

by Unreal Tournament servers.  So, after seeing this, I relaxed a little
thinking that someone had just gotten a new game.  This morning, I

checked

my email, and I have a significant amount of these messages, coming into
different branch offices (we use cable/dsl for internet access) so it

can't

just be one person with a new pc.

Anyone else seeing this?

Gordon Brandt
Network Engineer
AP Wagner, Inc.
gbrandt () apwagner com




---------------------------------------------------------------------------



----------------------------------------------------------------------------


Not to deflect attention from any possible intrusion attempts, but if
this happens primarily over the weekends or after-hours, your office
might be inhabitated by a bunch of gamers who cannot afford broadband at
home, and are using the office high speed connections to get their fix.
:D

Since I play UT once in a while (on my home DSL), I can understand their
need for a low ping.

--

Ranjeet Shetye
Senior Software Engineer
Zultys Technologies
Ranjeet dot Shetye2 at Zultys dot com
http://www.zultys.com/

The views, opinions, and judgements expressed in this message are solely
those of the author. The message contents have not been reviewed or
approved by Zultys.



---------------------------------------------------------------------------
----------------------------------------------------------------------------








---------------------------------------------------------------------------
----------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: