Snort mailing list archives

RE: [Snort-sigs] Scan on tcp 13000


From: <Scheidell () secnap com>
Date: Tue, 18 Feb 2003 04:36:19 -0500

-----Original Message-----
From: Jeff Kell [mailto:jeff-kell () utc edu]
Sent: Tuesday, February 18, 2003 1:57 AM
To: Michael Scheidell
Cc: Bob Dehnhardt; 'Snort Users List'; baldwinl () mynetwatchman com
Subject: Re: [Snort-sigs] Scan on tcp 13000

Yep, coming out of columbia.edu.

I had 1702 hits in one tarpit, let me see if they're still stuck...
nope, but they should have been reported to DShield... yes!

source port = 13000, dest port = 13000

Source:  128.59.52.11 = mrl-sgi.mech.columbia.edu

Ended about 21:59 (UTC? Not sure what DShield reports)

Yep, same source as I saw.

They must have some trojan on.

