Security Incidents mailing list archives

Port 1900/5000 connection attempts


From: cambria () owt com
Date: Thu, 21 Mar 2002 20:28:50 -0800

In the last couple of days I've started seeing connection attempts for ports 1900 and 5000.  I'm wondering if this is related to the UPNP vuln discovered last December by eEye Digital Security...

(http://www.eeye.com/html/Research/Advisories/AD20011220.html).

I have just started seeing these in the last week.  Is there a known exploit for this now?  Or is there an innocent explanation?  None of the connecting IP addresses are anywhere close to my own net address.  One is a register.com nameserver.  It appears to be an attempt to connect to specific machines rather than a network scan.


Mar 21 20:35:54 ws1 178: Mar 21 20:35:54: %SEC-6-IPACCESSLOGP: list 101 denied tcp 166.102.67.98(3074) -> x.x.x.33(1900), 1 packet
Mar 21 20:39:22 ws1 179: Mar 21 20:39:22: %SEC-6-IPACCESSLOGP: list 101 denied tcp 166.102.67.98(1384) -> x.x.x.33(1900), 1 packet
Mar 21 20:41:04 ws1 180: Mar 21 20:41:04: %SEC-6-IPACCESSLOGP: list 101 denied tcp 166.102.67.98(4495) -> x.x.x.33(5000), 1 packet
Mar 21 20:41:30 ws1 181: Mar 21 20:41:30: %SEC-6-IPACCESSLOGP: list 101 denied tcp 166.102.67.98(3074) -> x.x.x.33(1900), 1 packet
Mar 21 20:44:30 ws1 182: Mar 21 20:44:30: %SEC-6-IPACCESSLOGP: list 101 denied tcp 166.102.67.98(1384) -> x.x.x.33(1900), 1 packet
Mar 21 20:46:30 ws1 183: Mar 21 20:46:30: %SEC-6-IPACCESSLOGP: list 101 denied tcp 166.102.67.98(4495) -> x.x.x.33(5000), 1 packet
Mar 21 21:23:18 ws1 184: Mar 21 21:23:18: %SEC-6-IPACCESSLOGP: list 101 denied tcp 166.102.67.98(3450) -> x.x.x.33(1900), 1 packet
Mar 21 21:27:40 ws1 185: Mar 21 21:27:40: %SEC-6-IPACCESSLOGP: list 101 denied tcp 66.188.151.113(1025) -> x.x.x.33(1900), 1 packet
Mar 21 21:28:31 ws1 186: Mar 21 21:28:31: %SEC-6-IPACCESSLOGP: list 101 denied tcp 166.102.67.98(3450) -> x.x.x.33(1900), 1 packet
Mar 21 21:33:31 ws1 187: Mar 21 21:33:31: %SEC-6-IPACCESSLOGP: list 101 denied tcp 66.188.151.113(1025) -> x.x.x.33(1900), 2 packets
Mar 22 01:08:08 ws1 189: Mar 22 01:08:08: %SEC-6-IPACCESSLOGP: list 101 denied udp 216.21.234.88(53) -> x.x.x.76(1900), 1 packet
Mar 22 01:13:38 ws1 190: Mar 22 01:13:38: %SEC-6-IPACCESSLOGP: list 101 denied udp 216.21.234.88(53) -> x.x.x.76(1900), 2 packets





----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
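
An added example, not part of the original post: a Python sketch that parses ACL deny lines in the %SEC-6-IPACCESSLOGP format logged above and summarizes, per source, which hosts and ports were hit, to help tell repeated attempts against specific machines from a sweep. The sample lines are constructed, and the function names, the sweep threshold and the source-port-53 rule are assumptions.

```python
import re
from collections import defaultdict

# Matches the Cisco IOS %SEC-6-IPACCESSLOGP line format shown in the post.
LOG_RE = re.compile(
    r"%SEC-6-IPACCESSLOGP: list (?P<acl>\S+) (?P<action>denied|permitted) "
    r"(?P<proto>tcp|udp) (?P<src>[\d.]+)\((?P<sport>\d+)\) -> "
    r"(?P<dst>\S+?)\((?P<dport>\d+)\), (?P<pkts>\d+) packets?"
)

# Constructed sample input (documentation address ranges, not the post's data).
PREFIX = "Mar 21 20:35:54 gw 1: Mar 21 20:35:54: %SEC-6-IPACCESSLOGP: list 101 denied "
SAMPLE = "\n".join(PREFIX + rest for rest in [
    "tcp 192.0.2.10(3074) -> 198.51.100.33(1900), 1 packet",
    "tcp 192.0.2.10(3074) -> 198.51.100.33(1900), 1 packet",
    "tcp 192.0.2.10(4495) -> 198.51.100.33(5000), 1 packet",
    "udp 192.0.2.53(53) -> 198.51.100.76(1900), 2 packets",
    "tcp 203.0.113.7(2001) -> 198.51.100.1(1900), 1 packet",
    "tcp 203.0.113.7(2002) -> 198.51.100.2(1900), 1 packet",
    "tcp 203.0.113.7(2003) -> 198.51.100.3(1900), 1 packet",
    "tcp 203.0.113.7(2004) -> 198.51.100.4(1900), 1 packet",
])

def summarize(text, watch_ports=(1900, 5000)):
    """Aggregate denied hits on watch_ports per (source address, protocol)."""
    stats = defaultdict(lambda: {"dsts": set(), "dports": set(),
                                 "sports": set(), "packets": 0})
    for m in LOG_RE.finditer(text):
        if m["action"] != "denied" or int(m["dport"]) not in watch_ports:
            continue
        entry = stats[(m["src"], m["proto"])]
        entry["dsts"].add(m["dst"])
        entry["dports"].add(int(m["dport"]))
        entry["sports"].add(int(m["sport"]))
        entry["packets"] += int(m["pkts"])
    return dict(stats)

def classify(entry, sweep_hosts=4):
    """Heuristic labels; the threshold and the port-53 rule are assumptions."""
    if entry["sports"] == {53}:
        return "reply-like"   # sent only from the DNS service port; check outbound queries
    if len(entry["dsts"]) >= sweep_hosts:
        return "sweep"        # one source walking many destination hosts
    return "targeted"         # repeated attempts against the same few hosts

if __name__ == "__main__":
    for (src, proto), entry in sorted(summarize(SAMPLE).items()):
        print(src, proto, classify(entry), sorted(entry["dports"]), entry["packets"])
```

The parser also accepts masked destinations such as x.x.x.33, so the lines from the post can be fed to summarize() unchanged once each entry is on a single line.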