X-PMC-CI-e-mail-id: 11593
I guess one of these days it is getting harder to keep track of what
each port scan is doing.
But, here it goes.
Over the last few days, our DMZ hosts were scanned for UDP port 161 from multiple
sites..
My guess is some kind of trojan or something.
Here it goes. Only a portion of the probe is listed.
1 packets: 203.97.101.36(20480) ->202.218.93.62(161), : Oct 16 09:40:23
1 packets: 203.97.101.36(20480) ->202.218.93.7(161), : Oct 16 09:40:30
1 packets: 203.97.101.36(20480) ->202.218.93.8(161), : Oct 16 09:40:30
1 packets: 203.97.101.36(20480) ->202.218.93.9(161), : Oct 16 09:40:30
1 packets: 209.46.83.2(61258) ->202.218.93.3(161), : Oct 20 18:59:45
1 packets: 209.46.83.2(62408) ->202.218.93.4(161), : Oct 20 19:45:04
1 packets: 209.46.83.2(63008) ->202.218.93.2(161), : Oct 20 18:14:08
Does anyone know what this probe is?
I might just want to label such port for potential known trojan name
in our log summary.
--
Ishikawa, Chiaki [EMAIL PROTECTED] or
(family name, given name) [EMAIL PROTECTED]
Personal Media Corp. ** Remove .NoSpam at the end before use **
Shinagawa, Tokyo, Japan 142-0051
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
