-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Just to satisfy my curiosity, I did an update yesterday (using Windows
Update, obviously).
A few minutes ago, I received a mail from LogCheck with the logged
attempts to connect to port 1178 :)
But to my surprise, those attempts weren't coming from microsoft.com but
from ck1.vip.sce.yahoo.com!?
Here's the excerpt from the mail:
Security Violations
=-=-=-=-=-=-=-=-=-=
Jul 3 20:46:23 drakis kernel: Packet log: input DENY ppp0 PROTO=6
209.1.225.5:80 200.51.209.143:1178 L=44 S=0x40 I=10629 F=0x4000 T=50
(#31)
Jul 3 20:46:25 drakis kernel: Packet log: input DENY ppp0 PROTO=6
209.1.225.5:80 200.51.209.143:1178 L=44 S=0x40 I=12209 F=0x4000 T=50
(#31)
Jul 3 20:46:26 drakis kernel: Packet log: input DENY ppp0 PROTO=6
209.1.225.5:80 200.51.209.143:1178 L=40 S=0x40 I=12286 F=0x4000 T=50
(#31)
Jul 3 20:46:43 drakis kernel: Packet log: input DENY ppp0 PROTO=6
209.1.225.5:80 200.51.209.143:1178 L=44 S=0x40 I=22410 F=0x4000 T=50
(#31)
Jul 3 20:47:07 drakis kernel: Packet log: input DENY ppp0 PROTO=6
209.1.225.5:80 200.51.209.143:1178 L=44 S=0x40 I=35888 F=0x4000 T=50
(#31)
Jul 3 20:47:37 drakis kernel: Packet log: input DENY ppp0 PROTO=6
209.1.225.5:80 200.51.209.143:1178 L=40 S=0x40 I=53011 F=0x4000 T=50
(#31)
On Mon, 02 Jul 2001 20:29:50 -0700 (PST), Shawn Tayler wrote:
>On 02 Jul 2001 08:30:26 -0700, Aaron Grewell wrote:
>
>>They probably didn't. Source obfuscation is a time-honored tradition in
>>portscanning.
>
>Ah, but I got another tidbit on this today. Apparently I am not the
>only person this has happened to. People are finding port scans on
>1178 from Microsoft.Com the day after a Windows Online update is
>executed on a regular basis. Anyone on the list have a Winblows box
>behind a firewall they'd like to test my theory on?
>
>stayler
>
>_______________________________________________
>http://linux.nf -- [EMAIL PROTECTED]
>Archives, Subscribe, Unsubscribe, Digest, Etc
>->http://linux.nf/mailman/listinfo/linux-users
Federico Voges
Managing Partner
Intrasoft
Malabia 2137 14 A
(1425) Buenos Aires
Argentina
Te/Fax: 54-11-4833-5182
e-mail: [EMAIL PROTECTED]
Web: http://www.intrasoft.com.ar
PGP Public Key Fingerprint: A536 4595 EB6F D197 FBC1 5C3A 145C 2516
-----BEGIN PGP SIGNATURE-----
Version: PGPsdk version 1.7.1 (C) 1997-1999 Network Associates, Inc. and its
affiliated companies.
iQA/AwUBO0JiOhRcJRaVKt4XEQKRGwCaA2UpAbt2fF/hrXBxCD3M3BTBJoUAnjV+
2o9xJv/0U4IcUjryUsGEUHnO
=YiRy
-----END PGP SIGNATURE-----
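Added example, not part of the original message: a small parser for the kernel packet-log records quoted above, which rejoins the lines the mail folded and counts denied packets per address and port pair. The field meanings in the comments follow the ipchains log layout, which is an assumption about the firewall that produced these lines; the function names are illustrative.

```python
import re
from collections import Counter

# Assumed ipchains "Packet log" layout: chain, action, interface, IP protocol,
# src:port, dst:port, L=length S=TOS I=IP id F=flags/fragment T=TTL [SYN] (#rule).
RECORD = re.compile(
    r"(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\skernel:\sPacket log:\s"
    r"(?P<chain>\S+)\s(?P<action>\S+)\s(?P<iface>\S+)\sPROTO=(?P<proto>\d+)\s"
    r"(?P<src>[\d.]+):(?P<sport>\d+)\s(?P<dst>[\d.]+):(?P<dport>\d+)\s"
    r"L=(?P<length>\d+)\sS=(?P<tos>0x[0-9A-Fa-f]+)\sI=(?P<ipid>\d+)\s"
    r"F=(?P<frag>0x[0-9A-Fa-f]+)\sT=(?P<ttl>\d+)(?P<syn>\sSYN)?\s\(#(?P<rule>\d+)\)"
)
# A new record begins on a line that opens with a syslog timestamp.
NEXT_RECORD = re.compile(r"\n(?=\w{3}\s+\d+\s[\d:]{8}\s)")

def unwrap(text):
    """Rejoin records that the mail folded across several lines."""
    return [" ".join(part.split()) for part in NEXT_RECORD.split(text.strip())]

def parse(record):
    """Decode one record into typed fields; None if it is not a packet-log line."""
    m = RECORD.fullmatch(record)
    if m is None:
        return None
    f = m.groupdict()
    for key in ("proto", "sport", "dport", "length", "ipid", "ttl", "rule"):
        f[key] = int(f[key])
    f["syn"] = f["syn"] is not None
    f["dont_fragment"] = bool(int(f["frag"], 16) & 0x4000)  # DF bit of the IP flags
    return f

def flows(text):
    """Count logged packets per (source, source port, destination, destination port)."""
    parsed = filter(None, map(parse, unwrap(text)))
    return Counter((p["src"], p["sport"], p["dst"], p["dport"]) for p in parsed)

# First and third records of the excerpt in the message, folded as in the mail.
SAMPLE = """\
Jul 3 20:46:23 drakis kernel: Packet log: input DENY ppp0 PROTO=6
209.1.225.5:80 200.51.209.143:1178 L=44 S=0x40 I=10629 F=0x4000 T=50
(#31)
Jul 3 20:46:26 drakis kernel: Packet log: input DENY ppp0 PROTO=6
209.1.225.5:80 200.51.209.143:1178 L=40 S=0x40 I=12286 F=0x4000 T=50
(#31)
"""

if __name__ == "__main__":
    for flow, count in flows(SAMPLE).items():
        print(count, flow)
```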