lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
From: ebowser at i-trap.net (Eric Bowser)
Subject: Fw: sharp increase on 27347/TCP

The IDS sensors I have outside the firewall only detected SYN packets
since the ports were blocked by the firewall.

On Wed, 2003-10-29 at 00:28, SPAM wrote:
> Same here.. but now it's dropping as fast as it raises.. did anyone manage
> to capture what's inside?
> 
> 
> ----- Original Message ----- 
> From: "Eric Bowser" <ebowser@...rap.net>
> To: <full-disclosure@...ts.netsys.com>
> Sent: Wednesday, October 29, 2003 4:51 AM
> Subject: Re: [Full-Disclosure] sharp increase on 27347/TCP
> 
> 
> > That's what I thought at first, but why the sudden interest in 27374
> > then?  Also, incidents.org is showing 200+ sources... that a whole
> > state's worth of dyslexic people...
> >
> > Incidents.org is now showing 1.1 million hits today alone.  Something
> > big just came out, but I can't figure out what...
> >
> >
> > On Tue, 2003-10-28 at 16:09, Will Image wrote:
> > > oh no its a dyslexic pereson scannin for Sub7!!! (27374)
> > >
> > > bah
> > >
> > > Joshua Levitsky <jlevitsk@...hie.com> wrote:
> > >         http://isc.incidents.org/port_details.html?port=27347
> > >
> > >         I'd say probably something is coming... that's a pretty sharp
> > >         spike on the
> > >         graph.
> > >
> > >         -Josh
> > >
> > >         --
> > >         Joshua Levitsky, MCSE, CISSP
> > >         System Engineer
> > >         Time Inc. Information Technology
> > >         [5957 F27C 9C71 E9A7 274A 0447 C9B9 75A4 9B41 D4D1]
> > >
> > >         ----- Original Message ----- 
> > >         From: "Eric Bowser"
> > >         To:
> > >         Sent: Tuesday, October 28, 2003 12:44 PM
> > >         Subject: [Full-Disclosure] sharp increase on 27347/TCP
> > >
> > >
> > >         > I've noticed a sharp increase in probes of port 27347/TCP
> > >         against our
> > >         > equipment over the past couple of days. Zero hits for weeks,
> > >         58
> > >         > yesterday, and 224 so far today. Incidents.org seems to
> > >         confirm this,
> > >         > very light activity for weeks, and suddenly 781,000
> > >         yesterday and
> > >         > 938,000 so far today.
> > >         >
> > >         &! gt; Has anybody else seen this?
> > >         >
> > >         > -- 
> > >         > Eric J. Bowser
> > >         > 330.658.9858 direct
> > >         > 330.658.0123 fax
> > >         >
> > >         > i-TRAP Internet Security Services
> > >         > 888-658-TRAP toll-free
> > >         > 330.658.1040 local
> > >         > www.i-trap.net
> > >         >
> > >         > _______________________________________________
> > >         > Full-Disclosure - We believe in it.
> > >         > Charter:
> > >         http://lists.netsys.com/full-disclosure-charter.html
> > >         >
> > >
> > >         _______________________________________________
> > >         Full-Disclosure - We believe in it.
> > >         Charter: http://lists.netsys.com/full-disclosure-charter.html
> > >
> > > ______________________________________________________________________
> > > Do you Yahoo!?
> > > Exclusive Video Premiere - Britney Spears
> > -- 
> > Eric J. Bowser
> > 330.658.9858 direct
> > 330.658.0123 fax
> >
> > i-TRAP Internet Security Services
> > 888-658-TRAP toll-free
> > 330.658.1040 local
> > www.i-trap.net
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.netsys.com/full-disclosure-charter.html
> 
> 
> 
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
-- 
Eric J. Bowser 
330.658.9858 direct 
330.658.0123 fax 

i-TRAP Internet Security Services 
888-658-TRAP toll-free 
330.658.1040 local 
www.i-trap.net


Powered by blists - more mailing lists