| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <41BDD2D7.2010008@valhallalegends.com> From: iago at valhallalegends.com (Ron) Subject: TCP Port 42 port scans? What the heck over... Port 42 is WINS -- there is a new exploit for WINS in the wild, so I would imagine people are scanning for it. James Lay wrote: >Here they be. ODD. Anyone else seeing this? > >Dec 13 06:41:49 gateway kernel: Web netrecall drops:IN=br0 OUT=br0 >PHYSIN=eth1 PHYSOUT=eth0 SRC=131.252.116.141 DST=10.1.19.1 LEN=40 TOS=0x00 >PREC=0x00 TTL=116 ID=57370 DF PROTO=TCP SPT=6000 DPT=42 WINDOW=65535 >RES=0x00 SYN URGP=0 >Dec 13 06:41:49 gateway kernel: Web1 drops:IN=br0 OUT=br0 PHYSIN=eth1 >PHYSOUT=eth0 SRC=131.252.116.141 DST=10.1.18.1 LEN=40 TOS=0x00 PREC=0x00 >TTL=116 ID=57370 DF PROTO=TCP SPT=6000 DPT=42 WINDOW=65535 RES=0x00 SYN >URGP=0 >Dec 13 06:41:49 gateway kernel: Web netrecall drops:IN=br0 OUT=br0 >PHYSIN=eth1 PHYSOUT=eth0 SRC=131.252.116.141 DST=10.1.19.4 LEN=40 TOS=0x00 >PREC=0x00 TTL=116 ID=57370 DF PROTO=TCP SPT=6000 DPT=42 WINDOW=65535 >RES=0x00 SYN URGP=0 >Dec 13 06:41:49 workbox kernel: IN=eth0 OUT= >MAC=00:60:97:a5:76:36:00:10:7b:90:bc:30:08:00 SRC=131.252.116.141 >DST=10.1.200.10 LEN=40 TOS=0x00 PREC=0x00 TTL=116 ID=57370 DF PROTO=TCP >SPT=6000 DPT=42 WINDOW=65535 RES=0x00 SYN URGP=0 >Dec 13 06:41:49 gateway kernel: Web netrecall drops:IN=br0 OUT=br0 >PHYSIN=eth1 PHYSOUT=eth0 SRC=131.252.116.141 DST=10.1.19.7 LEN=40 TOS=0x00 >PREC=0x00 TTL=116 ID=57370 DF PROTO=TCP SPT=6000 DPT=42 WINDOW=65535 >RES=0x00 SYN URGP=0 >Dec 13 06:41:49 gateway kernel: X12 drops:IN=br0 OUT=br0 PHYSIN=eth1 >PHYSOUT=eth0 SRC=131.252.116.141 DST=10.1.20.14 LEN=40 TOS=0x00 PREC=0x00 >TTL=116 ID=57370 DF PROTO=TCP SPT=6000 DPT=42 WINDOW=65535 RES=0x00 SYN >URGP=0 >Dec 13 06:41:49 gateway kernel: Web netrecall drops:IN=br0 OUT=br0 >PHYSIN=eth1 PHYSOUT=eth0 SRC=131.252.116.141 DST=10.1.19.2 LEN=40 TOS=0x00 >PREC=0x00 TTL=116 ID=57370 DF PROTO=TCP SPT=6000 DPT=42 WINDOW=65535 >RES=0x00 SYN URGP=0 >Dec 13 06:41:49 gateway kernel: Htpedi drops:IN=br0 OUT=br0 PHYSIN=eth1 >PHYSOUT=eth0 SRC=131.252.116.141 DST=10.1.20.17 LEN=40 TOS=0x00 PREC=0x00 >TTL=116 ID=57370 DF PROTO=TCP SPT=6000 DPT=42 WINDOW=65535 RES=0x00 SYN >URGP=0 >Dec 13 06:41:49 gateway kernel: Edirecall drops:IN=br0 OUT=br0 PHYSIN=eth1 >PHYSOUT=eth0 SRC=131.252.116.141 DST=10.1.20.12 LEN=40 TOS=0x00 PREC=0x00 >TTL=116 ID=57370 DF PROTO=TCP SPT=6000 DPT=42 WINDOW=65535 RES=0x00 SYN >URGP=0 > > > >James Lay >Network Manager/Security Officer >AmeriBen Solutions/IEC Group >Deo Gloria!!! > >_______________________________________________ >Full-Disclosure - We believe in it. >Charter: http://lists.netsys.com/full-disclosure-charter.html > > > >
Powered by blists - more mailing lists