lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
From: iago at valhallalegends.com (Ron)
Subject: TCP Port 42 port scans?  What the heck over...

Port 42 is WINS -- there is a new exploit for WINS in the wild, so I 
would imagine people are scanning for it.

James Lay wrote:

>Here they be.  ODD.  Anyone else seeing this?
>
>Dec 13 06:41:49 gateway kernel: Web netrecall drops:IN=br0 OUT=br0
>PHYSIN=eth1 PHYSOUT=eth0 SRC=131.252.116.141 DST=10.1.19.1 LEN=40 TOS=0x00
>PREC=0x00 TTL=116 ID=57370 DF PROTO=TCP SPT=6000 DPT=42 WINDOW=65535
>RES=0x00 SYN URGP=0  
>Dec 13 06:41:49 gateway kernel: Web1 drops:IN=br0 OUT=br0 PHYSIN=eth1
>PHYSOUT=eth0 SRC=131.252.116.141 DST=10.1.18.1 LEN=40 TOS=0x00 PREC=0x00
>TTL=116 ID=57370 DF PROTO=TCP SPT=6000 DPT=42 WINDOW=65535 RES=0x00 SYN
>URGP=0  
>Dec 13 06:41:49 gateway kernel: Web netrecall drops:IN=br0 OUT=br0
>PHYSIN=eth1 PHYSOUT=eth0 SRC=131.252.116.141 DST=10.1.19.4 LEN=40 TOS=0x00
>PREC=0x00 TTL=116 ID=57370 DF PROTO=TCP SPT=6000 DPT=42 WINDOW=65535
>RES=0x00 SYN URGP=0  
>Dec 13 06:41:49 workbox kernel: IN=eth0 OUT=
>MAC=00:60:97:a5:76:36:00:10:7b:90:bc:30:08:00 SRC=131.252.116.141
>DST=10.1.200.10 LEN=40 TOS=0x00 PREC=0x00 TTL=116 ID=57370 DF PROTO=TCP
>SPT=6000 DPT=42 WINDOW=65535 RES=0x00 SYN URGP=0 
>Dec 13 06:41:49 gateway kernel: Web netrecall drops:IN=br0 OUT=br0
>PHYSIN=eth1 PHYSOUT=eth0 SRC=131.252.116.141 DST=10.1.19.7 LEN=40 TOS=0x00
>PREC=0x00 TTL=116 ID=57370 DF PROTO=TCP SPT=6000 DPT=42 WINDOW=65535
>RES=0x00 SYN URGP=0  
>Dec 13 06:41:49 gateway kernel: X12 drops:IN=br0 OUT=br0 PHYSIN=eth1
>PHYSOUT=eth0 SRC=131.252.116.141 DST=10.1.20.14 LEN=40 TOS=0x00 PREC=0x00
>TTL=116 ID=57370 DF PROTO=TCP SPT=6000 DPT=42 WINDOW=65535 RES=0x00 SYN
>URGP=0  
>Dec 13 06:41:49 gateway kernel: Web netrecall drops:IN=br0 OUT=br0
>PHYSIN=eth1 PHYSOUT=eth0 SRC=131.252.116.141 DST=10.1.19.2 LEN=40 TOS=0x00
>PREC=0x00 TTL=116 ID=57370 DF PROTO=TCP SPT=6000 DPT=42 WINDOW=65535
>RES=0x00 SYN URGP=0  
>Dec 13 06:41:49 gateway kernel: Htpedi drops:IN=br0 OUT=br0 PHYSIN=eth1
>PHYSOUT=eth0 SRC=131.252.116.141 DST=10.1.20.17 LEN=40 TOS=0x00 PREC=0x00
>TTL=116 ID=57370 DF PROTO=TCP SPT=6000 DPT=42 WINDOW=65535 RES=0x00 SYN
>URGP=0  
>Dec 13 06:41:49 gateway kernel: Edirecall drops:IN=br0 OUT=br0 PHYSIN=eth1
>PHYSOUT=eth0 SRC=131.252.116.141 DST=10.1.20.12 LEN=40 TOS=0x00 PREC=0x00
>TTL=116 ID=57370 DF PROTO=TCP SPT=6000 DPT=42 WINDOW=65535 RES=0x00 SYN
>URGP=0 
>
>
>
>James Lay
>Network Manager/Security Officer
>AmeriBen Solutions/IEC Group
>Deo Gloria!!!
>
>_______________________________________________
>Full-Disclosure - We believe in it.
>Charter: http://lists.netsys.com/full-disclosure-charter.html
>
>
>  
>


Powered by blists - more mailing lists