From owner-freebsd-security  Mon Aug 19 10:41:13 2002
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id BEA2437B400
	for <freebsd-security@freebsd.org>; Mon, 19 Aug 2002 10:41:08 -0700 (PDT)
Received: from mailhost.unt.edu (mailhost.unt.edu [129.120.209.40])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 22C5B43E65
	for <freebsd-security@freebsd.org>; Mon, 19 Aug 2002 10:41:08 -0700 (PDT)
	(envelope-from searle@unt.edu)
Received: from unt.edu (slink.unt.edu [129.120.32.80])
	by mailhost.unt.edu (8.11.4/8.11.4) with ESMTP id g7JHf4a15321
	for <freebsd-security@freebsd.org>; Mon, 19 Aug 2002 12:41:05 -0500 (CDT)
Message-ID: <3D612DB6.607@unt.edu>
Date: Mon, 19 Aug 2002 12:41:10 -0500
From: Curry Searle <searle@unt.edu>
Reply-To: searle@unt.edu
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.1b) Gecko/20020721
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: freebsd-security@freebsd.org
Subject: Scans of port 2002 - globe service
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

Starting this morning, I've noticed MANY failed attempts coming through 
for requests to UDP port 2002.

Begin sample from logs:

Aug 19 12:34:04 davinci /kernel: Connection attempt to UDP 
*myipaddress*:2002 from 212.154.26.10:2002
Aug 19 12:34:04 davinci /kernel: Connection attempt to UDP 
*myipaddress*:2002 from 210.188.196.40:2002
Aug 19 12:34:04 davinci /kernel: Connection attempt to UDP 
*myipaddress*:2002 from 202.158.39.190:2002
Aug 19 12:34:04 davinci /kernel: Connection attempt to UDP 
*myipaddress*:2002 from 63.217.26.26:2002
Aug 19 12:34:04 davinci /kernel: Connection attempt to UDP 
*myipaddress*:2002 from 63.217.26.32:2002
Aug 19 12:34:04 davinci /kernel: Connection attempt to UDP 
*myipaddress*:2002 from 203.187.15.21:2002
Aug 19 12:34:04 davinci /kernel: Connection attempt to UDP 
*myipaddress*:2002 from 194.193.195.70:2002
Aug 19 12:34:04 davinci /kernel: Connection attempt to UDP 
*myipaddress*:2002 from 212.204.227.201:2002
Aug 19 12:34:05 davinci /kernel: Connection attempt to UDP 
*myipaddress*:2002 from 202.206.100.38:2002

End sample from logs:

 From the time-stamps, it appears that ~100 hosts are making this 
request once every minute.  Anyone else experiencing this behavior?  I 
have noticed that all the hosts I checked using Netcraft were running 
some version of unix, mostly FreeBSD and all were running apache with PHP.

-- 
____________________________________________________
Curry Searle               | Postmaster
searle@unt.edu             | Unix Hosts
www.cas.unt.edu/~searle    | Xiotech Support
College of Arts & Sciences | Win32 Desktop & Server
Computer Support Services  | Network HW & Protocols



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message