Complete.Org: Mailing Lists: Archives: linux-help: August 2004:
[linux-help] Re: Port 18593 attacks

[linux-help] Re: Port 18593 attacks

[Top] [All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index] [Thread Index]

To:	linux-help@xxxxxxxxx
Subject:	[linux-help] Re: Port 18593 attacks
From:	bbales <bbales@xxxxxxx>
Date:	Sun, 1 Aug 2004 20:35:30 -0500
Reply-to:	linux-help@xxxxxxxxx

No - In one bunch of 916 hits there were 110 different addresses.  38 were to 
UDP, the rest to TCP.  Usually hits an address/port combination two to four 
times and then switches.  Sometimes switches address and port in less than a 
second (two hits with the same time-stamp.)  Most source ports are four 
digit, the rest are five digit.  

A sort on source addresses shows several addresses used quite a few times. 
24.161.87.199 used 64 times with 16 different ports, each port used exactly 
four times.
24.167.68.48 used 30 times, five different ports, each used exactly six times.
68.113.250.214  24 times, 8 different ports, each used exactly three times.
68.47.163.14  26 times, nine different ports, all but one used three times and 
on used twice.
144.137.113.30 used 81 times with about 78 different ports.
217.226.110.2 used 106 times with ports used mostly three or four times.

I'm sure that's more information than anyone wants.
bruce

On Sunday 01 August 2004 01:12, you wrote:
> I am not aware of any server/software that uses TCP port 18593.  Do the
> attacks appear to be originating from any particular sources?
>
> ----- Original Message -----
> From: "bbales" <bbales@xxxxxxx>
> To: <linux-help@xxxxxxxxx>
> Sent: Saturday, July 31, 2004 9:52 PM
> Subject: [linux-help] Port 18593 attacks
>
> > During the past week my Frazier Firewall has been turning away thousands
>
> of
>
> > attempts at port 18593.  Some times as many as 245 in one hour.  In the
>
> past
>
> > when I had a large number of hits on one port, I could find something
>
> about
>
> > it from Symantec or some forum on the web.  This time no-one is reporting
> > anything about port 18593.
> >
> > It seems to be overwhelming the firewall logging facilities as the daily
>
> email
>
> > only reports the last six or eight hours.
> >
> > Anyone have any clues about this?
> > bruce
> >
> >
> > -- This is the linux-help@xxxxxxxxx list.  To unsubscribe,
> > visit http://www.complete.org/cgi-bin/listargate-aclug.cgi
>
> -- This is the linux-help@xxxxxxxxx list.  To unsubscribe,
> visit http://www.complete.org/cgi-bin/listargate-aclug.cgi

-- This is the linux-help@xxxxxxxxx list.  To unsubscribe,
visit http://www.complete.org/cgi-bin/listargate-aclug.cgi

[Prev in Thread]

Current Thread

[Next in Thread]

[linux-help] Re: Port 18593 attacks, Adam M. Sennott, 2004/08/01
- [linux-help] Re: Port 18593 attacks, bbales <=
  - [linux-help] Re: Port 18593 attacks, Jonathan Hall, 2004/08/02
    - [linux-help] Re: Port 18593 attacks, ironrose, 2004/08/02
    - [linux-help] Re: Port 18593 attacks, bbales, 2004/08/02
    - [linux-help] Re: Port 18593 attacks, ironrose, 2004/08/02
    - [linux-help] Re: Port 18593 attacks, Jonathan Hall, 2004/08/02
    - [linux-help] Re: Port 18593 attacks, ironrose, 2004/08/03
    - [linux-help] Re: Port 18593 attacks, Jonathan Hall, 2004/08/03
    - [linux-help] Re: Port 18593 attacks, bbales, 2004/08/03
    - [linux-help] Re: Port 18593 attacks, ironrose, 2004/08/03
    - [linux-help] Re: Port 18593 attacks, John Lucas, 2004/08/03

Prev by Date: [linux-help] Re: Port 18593 attacks
Next by Date: [linux-help] Re: Port 18593 attacks
Previous by thread: [linux-help] Re: Port 18593 attacks
Next by thread: [linux-help] Re: Port 18593 attacks
Index(es):
- Date
- Thread