[linux-help] Re: Port 18593 attacks
[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index] [Thread Index]
No - In one bunch of 916 hits there were 110 different addresses. 38 were to
UDP, the rest to TCP. Usually hits an address/port combination two to four
times and then switches. Sometimes switches address and port in less than a
second (two hits with the same time-stamp.) Most source ports are four
digit, the rest are five digit.
A sort on source addresses shows several addresses used quite a few times.
24.161.87.199 used 64 times with 16 different ports, each port used exactly
four times.
24.167.68.48 used 30 times, five different ports, each used exactly six times.
68.113.250.214 24 times, 8 different ports, each used exactly three times.
68.47.163.14 26 times, nine different ports, all but one used three times and
on used twice.
144.137.113.30 used 81 times with about 78 different ports.
217.226.110.2 used 106 times with ports used mostly three or four times.
I'm sure that's more information than anyone wants.
bruce
On Sunday 01 August 2004 01:12, you wrote:
> I am not aware of any server/software that uses TCP port 18593. Do the
> attacks appear to be originating from any particular sources?
>
> ----- Original Message -----
> From: "bbales" <bbales@xxxxxxx>
> To: <linux-help@xxxxxxxxx>
> Sent: Saturday, July 31, 2004 9:52 PM
> Subject: [linux-help] Port 18593 attacks
>
> > During the past week my Frazier Firewall has been turning away thousands
>
> of
>
> > attempts at port 18593. Some times as many as 245 in one hour. In the
>
> past
>
> > when I had a large number of hits on one port, I could find something
>
> about
>
> > it from Symantec or some forum on the web. This time no-one is reporting
> > anything about port 18593.
> >
> > It seems to be overwhelming the firewall logging facilities as the daily
>
> email
>
> > only reports the last six or eight hours.
> >
> > Anyone have any clues about this?
> > bruce
> >
> >
> > -- This is the linux-help@xxxxxxxxx list. To unsubscribe,
> > visit http://www.complete.org/cgi-bin/listargate-aclug.cgi
>
> -- This is the linux-help@xxxxxxxxx list. To unsubscribe,
> visit http://www.complete.org/cgi-bin/listargate-aclug.cgi
-- This is the linux-help@xxxxxxxxx list. To unsubscribe,
visit http://www.complete.org/cgi-bin/listargate-aclug.cgi
- [linux-help] Re: Port 18593 attacks, Adam M. Sennott, 2004/08/01
- [linux-help] Re: Port 18593 attacks,
bbales <=
- [linux-help] Re: Port 18593 attacks, Jonathan Hall, 2004/08/02
- [linux-help] Re: Port 18593 attacks, ironrose, 2004/08/02
- [linux-help] Re: Port 18593 attacks, bbales, 2004/08/02
- [linux-help] Re: Port 18593 attacks, ironrose, 2004/08/02
- [linux-help] Re: Port 18593 attacks, Jonathan Hall, 2004/08/02
- [linux-help] Re: Port 18593 attacks, ironrose, 2004/08/03
- [linux-help] Re: Port 18593 attacks, Jonathan Hall, 2004/08/03
- [linux-help] Re: Port 18593 attacks, bbales, 2004/08/03
- [linux-help] Re: Port 18593 attacks, ironrose, 2004/08/03
- [linux-help] Re: Port 18593 attacks, John Lucas, 2004/08/03
|
|