Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 19 Aug 2002 12:41:10 -0500
From:      Curry Searle <searle@unt.edu>
To:        freebsd-security@freebsd.org
Subject:   Scans of port 2002 - globe service
Message-ID:  <3D612DB6.607@unt.edu>
next in thread | raw e-mail | index | archive | help 
Starting this morning, I've noticed MANY failed attempts coming through 
for requests to UDP port 2002.

Begin sample from logs:

Aug 19 12:34:04 davinci /kernel: Connection attempt to UDP 
*myipaddress*:2002 from 212.154.26.10:2002
Aug 19 12:34:04 davinci /kernel: Connection attempt to UDP 
*myipaddress*:2002 from 210.188.196.40:2002
Aug 19 12:34:04 davinci /kernel: Connection attempt to UDP 
*myipaddress*:2002 from 202.158.39.190:2002
Aug 19 12:34:04 davinci /kernel: Connection attempt to UDP 
*myipaddress*:2002 from 63.217.26.26:2002
Aug 19 12:34:04 davinci /kernel: Connection attempt to UDP 
*myipaddress*:2002 from 63.217.26.32:2002
Aug 19 12:34:04 davinci /kernel: Connection attempt to UDP 
*myipaddress*:2002 from 203.187.15.21:2002
Aug 19 12:34:04 davinci /kernel: Connection attempt to UDP 
*myipaddress*:2002 from 194.193.195.70:2002
Aug 19 12:34:04 davinci /kernel: Connection attempt to UDP 
*myipaddress*:2002 from 212.204.227.201:2002
Aug 19 12:34:05 davinci /kernel: Connection attempt to UDP 
*myipaddress*:2002 from 202.206.100.38:2002

End sample from logs:

 From the time-stamps, it appears that ~100 hosts are making this 
request once every minute.  Anyone else experiencing this behavior?  I 
have noticed that all the hosts I checked using Netcraft were running 
some version of unix, mostly FreeBSD and all were running apache with PHP.

-- 
____________________________________________________
Curry Searle               | Postmaster
searle@unt.edu             | Unix Hosts
www.cas.unt.edu/~searle    | Xiotech Support
College of Arts & Sciences | Win32 Desktop & Server
Computer Support Services  | Network HW & Protocols



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3D612DB6.607>