Network Security: Detailed info on RE: Increase seen in port probes since Tuesday afternoon

Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.

Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.

Network Security Incidents

[Top] [All Lists]

RE: Increase seen in port probes since Tuesday afternoon

from [James C Slora Jr] Network Security

[Permanent Link]

Subject:	RE: Increase seen in port probes since Tuesday afternoon
Date:	Thu, 30 Dec 2004 14:44:51 -0500

BahdKo wrote Thursday, December 30, 2004 04:23

Since Tuesday afternoon EST I've seen a dramatic increase in 
the number of machines probing my network on ports 2745, 
1025, 3127, 6129, and usually 80. Each probe involves the 
machine sending three packets to each port.


Yes from time to time. The port pattern is typical of many botnets, many of
which will focus multiple drones against a particular IP space for a while. 

Packet captures might reveal whether there is anything new or interesting
about any of the individual probes. The three packets would probably be
standard Syn retries. Again a packet capture would show whether or not this
is the case. If a destination device is listening on any of those ports, a
packet capture might also give an indication about whether there is some new
payload.

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
Increase seen in port probes since Tuesday afternoon, BahdKo RE: Increase seen in port probes since Tuesday afternoon, M. Shirk RE: Increase seen in port probes since Tuesday afternoon, James C Slora Jr <= RE: Increase seen in port probes since Tuesday afternoon, Michael Re: Increase seen in port probes since Tuesday afternoon, Jeff Kell Re: Increase seen in port probes since Tuesday afternoon, Martin Mačok

Previous by Date:	RE: Increase seen in port probes since Tuesday afternoon, M. Shirk
Next by Date:	Re: Increase seen in port probes since Tuesday afternoon, Martin Mačok
Previous by Thread:	RE: Increase seen in port probes since Tuesday afternoon, M. Shirk
Next by Thread:	RE: Increase seen in port probes since Tuesday afternoon, Michael
Indexes:	[Date] [Thread] [Top] [All Lists]