Security Incidents mailing list archives

update on scans of tcp 12345 AUSCERT#36349


From: r.fulton () AUCKLAND AC NZ (Russell Fulton)
Date: Tue, 6 Jun 2000 09:26:32 +1200


Greetings,
          I have now seen over 180 of these scans! 60 in the last 24
hours. One thing I have established since my last post is that these do
seem to be targeted at us.  I have not had anyone else contact me to
say that they have seen these and I contacted the network admin of one
of the neighbouring class Bs (another NZ university -- we got our
addresses at the same time) and they have not seen any of these scans.
Whether the targeting is deliberate or not is anyone's guess.

Oh, yes.  Source addresses seem to be mostly dialup or cable/dsl
addresses and are spread around the world.

APNIC addresses (210.0.0.0/7) are over-represented -- between a third and
a half. Those that I looked up were predominantly Korean with a few in
Japan. There are quite a lot from home.com, sympatico.ca,
videotron.net, da.uu.net (cable providers?), and a smattering from
around the rest of the world including Europe.

The /24s on our net that are probed appear random with some being
probed more than once.

Cheers, Russell.

