From owner-freebsd-security Sat Aug 15 11:20:51 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id LAA21390 for freebsd-security-outgoing; Sat, 15 Aug 1998 11:20:51 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from fluxnet.windsor.igs.net (fluxnet.windsor.igs.net [207.210.20.254]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id LAA21382 for ; Sat, 15 Aug 1998 11:20:46 -0700 (PDT) (envelope-from freebsd@fluxnet.windsor.igs.net) From: freebsd@fluxnet.windsor.igs.net Received: from localhost (freebsd@localhost) by fluxnet.windsor.igs.net (8.9.0/8.8.7) with SMTP id OAA04241; Sat, 15 Aug 1998 14:19:05 -0400 Date: Sat, 15 Aug 1998 14:19:05 -0400 (EDT) X-Sender: freebsd@FluXNeT.on.ca To: Roger Marquis cc: security@FreeBSD.ORG Subject: Re: Scans to ports 1090 and 1080 In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Most likely a wingate scanner > Has anyone heard of vulnerabilities on ports 1080 or 1090? These look > like straight scans otherwise. > > Roger Marquis > Roble Systems Consulting > http://www.roble.com/ > > >Aug 13 04:40:37 local0 13 deny: TCP from 207.139.170.105.16028 to 205.7.40.2.1080 seq 626CE99, ack 0x0, win 512, SYN > >Aug 13 04:40:37 local1 /kernel: Connection attempt to TCP 205.7.40.21:1080 from 207.139.170.105:16348 > >Aug 13 04:40:37 local1 /kernel: Connection attempt to TCP 205.7.40.26:1080 from 207.139.170.105:16448 > >Aug 13 04:40:37 local1 /kernel: Connection attempt to TCP 205.7.40.32:1080 from 207.139.170.105:16973 > >Aug 13 04:40:37 local1 /kernel: Connection attempt to TCP 205.7.40.33:1080 from 207.139.170.105:17008 > >Aug 13 04:40:37 local1 /kernel: Connection attempt to TCP 205.7.40.34:1080 from 207.139.170.105:17009 > >Aug 13 04:40:37 local1 /kernel: Connection attempt to TCP 205.7.40.35:1080 from 207.139.170.105:17022 > >Aug 13 04:40:37 local1 /kernel: Connection attempt to TCP 205.7.40.41:1080 from 207.139.170.105:17218 > >Aug 13 04:40:39 local1 /kernel: Connection attempt to TCP 205.7.40.255:1080 from 207.139.170.105:20991 > >Aug 14 21:17:54 local0 13 deny: TCP from 24.128.144.110.18556 to 205.7.40.2.1090 seq DFDFBE08, ack 0x0, win 512, SYN > >Aug 14 21:17:55 local /kernel: Connection attempt to TCP 205.7.40.21:1090 from 24.128.144.110:18627 > >Aug 14 21:17:55 local /kernel: Connection attempt to TCP 205.7.40.26:1090 from 24.128.144.110:18769 > >Aug 14 21:17:55 local /kernel: Connection attempt to TCP 205.7.40.61:1090 from 24.128.144.110:19383 > >Aug 14 21:17:55 local /kernel: Connection attempt to TCP 205.7.40.52:1090 from 24.128.144.110:19363 > >Aug 14 21:19:49 local3 /kernel: Connection attempt to TCP 205.7.40.63:1090 from 24.128.144.110:19474 > >Aug 14 21:17:55 local /kernel: Connection attempt to TCP 205.7.40.53:1090 from 24.128.144.110:19375 > >Aug 14 21:17:55 local /kernel: Connection attempt to TCP 205.7.40.54:1090 from 24.128.144.110:19376 > >Aug 14 21:17:55 local /kernel: Connection attempt to TCP 205.7.40.55:1090 from 24.128.144.110:19377 > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe security" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message