Message-ID: <1075319976.13432.740.camel@localhost>
From: dan at losangelescomputerhelp.com (Daniel H. Renner)
Subject: Port scans from a Dedicated Micro Digital Sprite II
A client of ours had a Dedicated Micro Digital Sprite II multiple camera
monitor with web server system installed. Manufacturer product details
are here:
http://dedicatedmicros.com/dedicatedmicros/product/ds2/ds2_main.html
The unit's setup was changed from the original as below to as follows in
an attempt to remove the router from the equation:
Internet --- DSL modem --- switch --- DS2 with public IP
Concurrent with EVERY attempt to access the DS2, a port scan was
initiated from the DS2's address at the visiting address, and this can
be reproduced at will. For scan logs, see original email to vendor
below. (Public IPs modified.)
The emails which follow this bit of rambling were sent to the correct
tech support email address per the support webpage:
http://dedicatedmicros.com/dedicatedmicros/support/supindex.html
with the address of:
ussupport@...cros.com
On 21 Jan 2004 11:56:49 and again on 25 Jan 2004 22:58:45 with no
response whatsoever.
Cheers,
Dan Renner
-----Forwarded Message-----
From: Daniel H. Renner <dan@...angelescomputerhelp.com>
To: ussupport@...cros.com
Subject: [Fwd: Port scans from a DS2]
Date: 25 Jan 2004 22:58:45 -0800
I have received no answer whatsoever on this email - this is not exactly
professional treatment.
Would you please tell me what is going on and why I should be receiving
port scans from this device?
--
Thank you,
Dan Renner
President
Los Angeles Computerhelp
http://losangelescomputerhelp.com
818.352.8700
-----Forwarded Message-----
From: Daniel H. Renner <dan@...angelescomputerhelp.com>
To: ussupport@...cros.com
Subject: Port scans from a DS2
Date: 21 Jan 2004 11:56:49 -0800
Hello,
One of our clients has had your Digital Sprite 2 installed and we have
connected it to the network for the owner's remote viewing.
In our testing of the setup, we noticed that the unit was port-scanning
our location during the connection. Full firewall IDS log entries
during the affected time follow.
EVERY SINGLE ONE of the portscans was from the IP address of the DS2.
And EVERY SINGLE ONE of the port-scans was immediately after connection
to the DS2.
The network layout is as follows:
Internet --> hardware router (TCP 80 port-forwarded to DS2) --> DS2
What the heck is going on here!?
Also, once one is logged into the server, one is logged in forever, even
after reboot there is no login required... That doesn't seem too
healthy if the owner wants to check from an Internet cafe...
--
Thank you,
Dan Renner
President
Los Angeles Computerhelp
http://losangelescomputerhelp.com
818.352.8700
Date: 01/21 12:15:25 Name: (spp_portscan2) Portscan detected from
xxx.xxx.xxx.xxx: 1 targets 21 ports in 31 seconds
Priority: n/a Type: n/a
IP info: xxx.xxx.xxx.xxx:80 -> xxx.xxx.xxx.xxx:1614
References: none found SID: n/a
Date: 01/21 12:15:35 Name: (spp_portscan2) Portscan detected from
xxx.xxx.xxx.xxx: 1 targets 21 ports in 5 seconds
Priority: n/a Type: n/a
IP info: xxx.xxx.xxx.xxx:80 -> xxx.xxx.xxx.xxx:1647
References: none found SID: n/a
Date: 01/21 12:18:21 Name: (spp_portscan2) Portscan detected from
xxx.xxx.xxx.xxx: 1 targets 21 ports in 11 seconds
Priority: n/a Type: n/a
IP info: xxx.xxx.xxx.xxx:80 -> xxx.xxx.xxx.xxx:1690
References: none found SID: n/a
Date: 01/21 12:19:39 Name: (spp_portscan2) Portscan detected from
xxx.xxx.xxx.xxx: 1 targets 21 ports in 28 seconds
Priority: n/a Type: n/a
IP info: xxx.xxx.xxx.xxx:80 -> xxx.xxx.xxx.xxx:1757
References: none found SID: n/a
Date: 01/21 12:23:40 Name: (spp_portscan2) Portscan detected from
xxx.xxx.xxx.xxx: 1 targets 21 ports in 24 seconds
Priority: n/a Type: n/a
IP info: xxx.xxx.xxx.xxx:80 -> xxx.xxx.xxx.xxx:1790
References: none found SID: n/a
Date: 01/21 12:24:51 Name: (spp_portscan2) Portscan detected from
xxx.xxx.xxx.xxx: 1 targets 21 ports in 6 seconds
Priority: n/a Type: n/a
IP info: xxx.xxx.xxx.xxx:80 -> xxx.xxx.xxx.xxx:1876
References: none found SID: n/a
Date: 01/21 12:25:46 Name: ICMP PING CyberKit 2.2 Windows
Priority: 3 Type: Misc activity
IP info: 4.60.201.59:n/a -> xxx.xxx.xxx.xxx:n/a
References: none found SID: 483
Date: 01/21 12:25:55 Name: ICMP PING CyberKit 2.2 Windows
Priority: 3 Type: Misc activity
IP info: 4.63.151.175:n/a -> xxx.xxx.xxx.xxx:n/a
References: none found SID: 483
Date: 01/21 12:25:58 Name: (spp_portscan2) Portscan detected from
xxx.xxx.xxx.xxx: 1 targets 21 ports in 13 seconds
Priority: n/a Type: n/a
IP info: xxx.xxx.xxx.xxx:80 -> xxx.xxx.xxx.xxx:1916
References: none found SID: n/a
Date: 01/21 12:26:41 Name: ICMP PING CyberKit 2.2 Windows
Priority: 3 Type: Misc activity
IP info: 4.63.99.139:n/a -> xxx.xxx.xxx.xxx:n/a
References: none found SID: 483
Date: 01/21 12:27:17 Name: (spp_portscan2) Portscan detected from
xxx.xxx.xxx.xxx: 1 targets 21 ports in 22 seconds
Priority: n/a Type: n/a
IP info: xxx.xxx.xxx.xxx:80 -> xxx.xxx.xxx.xxx:2026
References: none found SID: n/a
Date: 01/21 12:27:54 Name: ICMP PING CyberKit 2.2 Windows
Priority: 3 Type: Misc activity
IP info: 4.60.61.255:n/a -> xxx.xxx.xxx.xxx:n/a
References: none found SID: 483
Date: 01/21 12:28:28 Name: ICMP PING CyberKit 2.2 Windows
Priority: 3 Type: Misc activity
IP info: 4.60.125.230:n/a -> xxx.xxx.xxx.xxx:n/a
References: none found SID: 483
Date: 01/21 12:29:05 Name: ICMP PING CyberKit 2.2 Windows
Priority: 3 Type: Misc activity
IP info: 4.65.254.95:n/a -> xxx.xxx.xxx.xxx:n/a
References: none found SID: 483
Date: 01/21 12:31:11 Name: ICMP PING CyberKit 2.2 Windows
Priority: 3 Type: Misc activity
IP info: 4.62.214.48:n/a -> xxx.xxx.xxx.xxx:n/a
References: none found SID: 483
Date: 01/21 12:32:03 Name: (spp_portscan2) Portscan detected from
xxx.xxx.xxx.xxx: 1 targets 21 ports in 4 seconds
Priority: n/a Type: n/a
IP info: xxx.xxx.xxx.xxx:80 -> xxx.xxx.xxx.xxx:2124
References: none found SID: n/a
Date: 01/21 12:32:13 Name: (spp_portscan2) Portscan detected from
xxx.xxx.xxx.xxx: 1 targets 21 ports in 2 seconds
Priority: n/a Type: n/a
IP info: xxx.xxx.xxx.xxx:80 -> xxx.xxx.xxx.xxx:2154
References: none found SID: n/a