Hi,
I am wondering if anyone knows what is causing these in our logs ?
Sep 23 03:56:18 <> list 100 denied tcp 216.xx.xx.66(47850) ->
203.xx.xx.2(23), 1 packet
Sep 23 03:56:19 <> list 100 denied tcp 216.xx.xx.66(47850) ->
203.xx.xx.50(23), 1 packet
Sep 23 03:56:20 <> list 100 denied tcp 216.xx.xx.66(47850) ->
203.xx.xx.102(23), 1 packet
Sep 23 03:56:21 <> list 100 denied tcp 216.xx.xx.66(47850) ->
203.xx.xx.152(23), 1 packet
Sep 23 03:56:22 <> list 100 denied tcp 216.xx.xx.66(47850) ->
203.xx.xx.201(23), 1 packet
Sep 23 03:56:23 <> list 100 denied tcp 216.xx.xx.66(47850) ->
203.xx.xx.253(23), 1 packet
Sep 23 03:56:23 <> list 100 denied tcp 216.xx.xx.66(47850) ->
203.xx.xx.254(23), 1 packet
Observations:
- The source port is always the same, and is generally port 47850.
- The destination port is always port 23.
- It is too quick to be manually done.
- The size of the gaps in the address space is variable.
- The only continent they have not come from is Africa.
I would like to know what is being used to do the job ? why they
are happening ? and what may follow ?
Thank you in advance,
Jim Smart
Brisbane, Australia
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
