Date:      Sun, 5 Aug 2001 22:57:49 +0200
From:      Morten Aaboe <merloch@merloch.dk>
To:        security@freebsd.org
Subject:   Re: multiple port scans: tcp/8888
Message-ID:  <20010805225749.A26335@kahlan.lethal.dk>
In-Reply-To: <20010805223127.A4779@mandark.attica.home>; from abgoeree@wish.net on Sun, Aug 05, 2001 at 10:31:27PM +0200
References:  <20010805223127.A4779@mandark.attica.home>

ddi-tcp-1       8888/tcp    NewsEDGE server TCP (TCP 1)
ddi-udp-1       8888/udp    NewsEDGE server UDP (UDP 1)


 -- M. Aaboe

On Sun, Aug 05, 2001 at 10:31:27PM +0200, Andre Goeree wrote:
> Hello -security,
> 
> Attached is part of my ipfilter log. The file shows port scans coming
> in from 25 different IP addresses from all over the world (Europe,
> USA, Asia) to tcp/8888. Since I could not find any information about
> tcp/8888, any comments are appreciated.
> 
> Ago.
> Jul 30 19:36:21 mandark ipmon[105]: 19:36:21.547418 tun0 @100:14 b 193.159.130.183,2029 -> 212.123.189.17,8888 PR tcp len 20 44 -S IN 
> Jul 30 19:36:22 mandark ipmon[105]: 19:36:22.467461 tun0 @100:14 b 193.159.130.183,2029 -> 212.123.189.17,8888 PR tcp len 20 44 -S IN 
> Jul 30 19:36:23 mandark ipmon[105]: 19:36:23.237444 tun0 @100:14 b 193.159.130.183,2029 -> 212.123.189.17,8888 PR tcp len 20 44 -S IN 
> Jul 30 19:36:25 mandark ipmon[105]: 19:36:25.077470 tun0 @100:14 b 193.159.130.183,2029 -> 212.123.189.17,8888 PR tcp len 20 44 -S IN 
> Jul 30 19:36:28 mandark ipmon[105]: 19:36:27.977529 2x tun0 @100:14 b 166.90.42.99,1397 -> 212.123.189.17,8888 PR tcp len 20 48 -S IN 
> Jul 30 19:36:30 mandark ipmon[105]: 19:36:30.087509 tun0 @100:14 b 166.90.42.99,1397 -> 212.123.189.17,8888 PR tcp len 20 48 -S IN 
> Jul 30 19:37:31 mandark ipmon[105]: 19:37:31.208244 tun0 @100:14 b 65.67.60.40,1845 -> 212.123.189.17,8888 PR tcp len 20 48 -S IN 
> Jul 30 19:37:32 mandark ipmon[105]: 19:37:31.878241 tun0 @100:14 b 65.67.60.40,1845 -> 212.123.189.17,8888 PR tcp len 20 48 -S IN 
> Jul 30 19:37:33 mandark ipmon[105]: 19:37:32.578264 2x tun0 @100:14 b 65.67.60.40,1845 -> 212.123.189.17,8888 PR tcp len 20 48 -S IN 
> Jul 30 19:37:41 mandark ipmon[105]: 19:37:41.378411 tun0 @100:14 b 216.143.213.49,3508 -> 212.123.189.17,8888 PR tcp len 20 48 -S IN 
> Jul 30 19:37:42 mandark ipmon[105]: 19:37:42.198400 tun0 @100:14 b 216.143.213.49,3508 -> 212.123.189.17,8888 PR tcp len 20 48 -S IN 
> Jul 30 19:37:43 mandark ipmon[105]: 19:37:42.998416 tun0 @100:14 b 216.143.213.49,3508 -> 212.123.189.17,8888 PR tcp len 20 48 -S IN 
> Jul 30 19:37:54 mandark ipmon[105]: 19:37:54.308570 tun0 @100:14 b 151.28.3.209,1442 -> 212.123.189.17,8888 PR tcp len 20 48 -S IN 
> Jul 30 19:37:56 mandark ipmon[105]: 19:37:55.848541 tun0 @100:14 b 151.28.3.209,1442 -> 212.123.189.17,8888 PR tcp len 20 48 -S IN 
> Jul 30 19:37:57 mandark ipmon[105]: 19:37:57.448526 tun0 @100:14 b 151.28.3.209,1442 -> 212.123.189.17,8888 PR tcp len 20 48 -S IN 
> Jul 30 19:38:09 mandark ipmon[105]: 19:38:09.508725 tun0 @100:14 b 213.132.137.155,1641 -> 212.123.189.17,8888 PR tcp len 20 48 -S IN 
> Jul 30 19:38:10 mandark ipmon[105]: 19:38:10.528706 tun0 @100:14 b 213.132.137.155,1641 -> 212.123.189.17,8888 PR tcp len 20 48 -S IN 
> Jul 30 19:39:00 mandark ipmon[105]: 19:38:59.459266 2x tun0 @100:14 b 217.80.71.22,3190 -> 212.123.189.17,8888 PR tcp len 20 48 -S IN 
> Jul 30 19:39:21 mandark ipmon[105]: 19:39:21.409528 tun0 @100:14 b 151.20.116.123,1583 -> 212.123.189.17,8888 PR tcp len 20 48 -S IN 
> Jul 30 19:39:22 mandark ipmon[105]: 19:39:22.099650 tun0 @100:14 b 151.20.116.123,1583 -> 212.123.189.17,8888 PR tcp len 20 48 -S IN 
> Jul 30 19:39:23 mandark ipmon[105]: 19:39:22.691221 2x tun0 @100:14 b 151.20.116.123,1583 -> 212.123.189.17,8888 PR tcp len 20 48 -S IN 
> Jul 30 19:39:24 mandark ipmon[105]: 19:39:23.801282 tun0 @100:14 b 172.190.193.75,3370 -> 212.123.189.17,8888 PR tcp len 20 48 -S IN 
> Jul 30 19:39:24 mandark ipmon[105]: 19:39:24.029562 tun0 @100:14 b 213.4.32.163,1642 -> 212.123.189.17,8888 PR tcp len 20 48 -S IN 
> Jul 30 19:39:25 mandark ipmon[105]: 19:39:25.159760 tun0 @100:14 b 172.190.193.75,3370 -> 212.123.189.17,8888 PR tcp len 20 48 -S IN 
> Jul 30 19:39:26 mandark ipmon[105]: 19:39:26.561214 tun0 @100:14 b 172.190.193.75,3370 -> 212.123.189.17,8888 PR tcp len 20 48 -S IN 
> Jul 30 19:39:27 mandark ipmon[105]: 19:39:27.619666 tun0 @100:14 b 217.229.204.92,2203 -> 212.123.189.17,8888 PR tcp len 20 48 -S IN 
> Jul 30 19:39:28 mandark ipmon[105]: 19:39:27.929757 tun0 @100:14 b 172.190.193.75,3370 -> 212.123.189.17,8888 PR tcp len 20 48 -S IN 
> Jul 30 19:39:28 mandark ipmon[105]: 19:39:28.301235 tun0 @100:14 b 217.229.204.92,2203 -> 212.123.189.17,8888 PR tcp len 20 48 -S IN 
> Jul 30 19:39:29 mandark ipmon[105]: 19:39:28.929662 2x tun0 @100:14 b 217.229.204.92,2203 -> 212.123.189.17,8888 PR tcp len 20 48 -S IN 
> Jul 30 19:39:32 mandark ipmon[105]: 19:39:32.609767 tun0 @100:14 b 213.4.32.163,1642 -> 212.123.189.17,8888 PR tcp len 20 48 -S IN 
> Jul 30 19:39:44 mandark ipmon[105]: 19:39:44.859937 tun0 @100:14 b 193.159.130.183,2549 -> 212.123.189.17,8888 PR tcp len 20 44 -S IN 
> Jul 30 19:39:45 mandark ipmon[105]: 19:39:45.669844 tun0 @100:14 b 193.159.130.183,2549 -> 212.123.189.17,8888 PR tcp len 20 44 -S IN 
> Jul 30 19:39:46 mandark ipmon[105]: 19:39:46.469816 tun0 @100:14 b 193.159.130.183,2549 -> 212.123.189.17,8888 PR tcp len 20 44 -S IN 
> Jul 30 19:39:47 mandark ipmon[105]: 19:39:47.510327 tun0 @100:14 b 193.159.130.183,2549 -> 212.123.189.17,8888 PR tcp len 20 44 -S IN 
> Jul 30 19:40:10 mandark ipmon[105]: 19:40:09.360151 tun0 @100:14 b 64.240.35.79,1917 -> 212.123.189.17,8888 PR tcp len 20 48 -S IN 
> Jul 30 19:40:11 mandark ipmon[105]: 19:40:10.561723 tun0 @100:14 b 64.240.35.79,1917 -> 212.123.189.17,8888 PR tcp len 20 48 -S IN 
> Jul 30 19:40:12 mandark ipmon[105]: 19:40:11.401828 tun0 @100:14 b 64.240.35.79,1917 -> 212.123.189.17,8888 PR tcp len 20 48 -S IN 
> Jul 30 19:40:24 mandark ipmon[105]: 19:40:23.850328 tun0 @100:14 b 151.21.99.66,3741 -> 212.123.189.17,8888 PR tcp len 20 48 -S IN 
> Jul 30 19:40:25 mandark ipmon[105]: 19:40:25.030379 tun0 @100:14 b 151.21.99.66,3741 -> 212.123.189.17,8888 PR tcp len 20 48 -S IN 
> Jul 30 19:40:27 mandark ipmon[105]: 19:40:26.430331 2x tun0 @100:14 b 151.21.99.66,3741 -> 212.123.189.17,8888 PR tcp len 20 48 -S IN 
> Jul 30 19:40:32 mandark ipmon[105]: 19:40:31.400442 2x tun0 @100:14 b 24.100.126.202,64457 -> 212.123.189.17,8888 PR tcp len 20 48 -S IN 
> Jul 30 19:40:35 mandark ipmon[105]: 19:40:35.020406 tun0 @100:14 b 24.100.126.202,64457 -> 212.123.189.17,8888 PR tcp len 20 48 -S IN 
> Jul 30 19:40:45 mandark ipmon[105]: 19:40:44.510514 2x tun0 @100:14 b 62.226.215.79,61316 -> 212.123.189.17,8888 PR tcp len 20 48 -S IN 
> Jul 30 19:40:45 mandark ipmon[105]: 19:40:45.130497 tun0 @100:14 b 216.72.52.94,1237 -> 212.123.189.17,8888 PR tcp len 20 48 -S IN 
> Jul 30 19:40:46 mandark ipmon[105]: 19:40:45.710532 2x tun0 @100:14 b 62.226.215.79,61316 -> 212.123.189.17,8888 PR tcp len 20 48 -S IN 
> Jul 30 19:40:47 mandark ipmon[105]: 19:40:47.440525 tun0 @100:14 b 216.72.52.94,1237 -> 212.123.189.17,8888 PR tcp len 20 48 -S IN 
> Jul 30 19:40:49 mandark ipmon[105]: 19:40:49.150630 tun0 @100:14 b 216.72.52.94,1237 -> 212.123.189.17,8888 PR tcp len 20 48 -S IN 
> Jul 30 19:41:26 mandark ipmon[105]: 19:41:26.141790 2x tun0 @100:14 b 24.229.86.45,4371 -> 212.123.189.17,8888 PR tcp len 20 64 -S IN 
> Jul 30 19:41:27 mandark ipmon[105]: 19:41:27.570976 tun0 @100:14 b 24.229.86.45,4371 -> 212.123.189.17,8888 PR tcp len 20 64 -S IN 
> Jul 30 19:41:28 mandark ipmon[105]: 19:41:28.280999 tun0 @100:14 b 24.229.86.45,4371 -> 212.123.189.17,8888 PR tcp len 20 64 -S IN 
> Jul 30 19:41:34 mandark ipmon[105]: 19:41:34.171088 2x tun0 @100:14 b 24.14.143.86,2054 -> 212.123.189.17,8888 PR tcp len 20 48 -S IN 
> Jul 30 19:41:35 mandark ipmon[105]: 19:41:35.521100 tun0 @100:14 b 24.14.143.86,2054 -> 212.123.189.17,8888 PR tcp len 20 48 -S IN 
> Jul 30 19:41:36 mandark ipmon[105]: 19:41:36.211107 tun0 @100:14 b 24.14.143.86,2054 -> 212.123.189.17,8888 PR tcp len 20 48 -S IN 
> Jul 30 19:41:39 mandark ipmon[105]: 19:41:38.041146 2x tun0 @100:14 b 62.136.26.149,1174 -> 212.123.189.17,8888 PR tcp len 20 48 -S IN 
> Jul 30 19:41:40 mandark ipmon[105]: 19:41:39.511138 tun0 @100:14 b 62.136.26.149,1174 -> 212.123.189.17,8888 PR tcp len 20 48 -S IN 
> Jul 30 19:41:46 mandark ipmon[105]: 19:41:45.931197 tun0 @100:14 b 213.217.170.230,1609 -> 212.123.189.17,8888 PR tcp len 20 48 -S IN 
> Jul 30 19:41:48 mandark ipmon[105]: 19:41:47.471238 tun0 @100:14 b 213.217.170.230,1609 -> 212.123.189.17,8888 PR tcp len 20 48 -S IN 
> Jul 30 19:41:50 mandark ipmon[105]: 19:41:49.171253 tun0 @100:14 b 213.217.170.230,1609 -> 212.123.189.17,8888 PR tcp len 20 48 -S IN 
> Jul 30 19:41:59 mandark ipmon[105]: 19:41:58.981382 tun0 @100:14 b 62.0.77.112,1687 -> 212.123.189.17,8888 PR tcp len 20 48 -S IN 
> Jul 30 19:42:01 mandark ipmon[105]: 19:42:00.671363 tun0 @100:14 b 62.0.77.112,1687 -> 212.123.189.17,8888 PR tcp len 20 48 -S IN 
> Jul 30 19:42:02 mandark ipmon[105]: 19:42:01.911390 tun0 @100:14 b 62.0.77.112,1687 -> 212.123.189.17,8888 PR tcp len 20 48 -S IN 
> Jul 30 19:42:02 mandark ipmon[105]: 19:42:02.011375 tun0 @100:14 b 63.42.158.65,3095 -> 212.123.189.17,8888 PR tcp len 20 48 -S IN 
> Jul 30 19:42:08 mandark ipmon[105]: 19:42:07.331469 2x tun0 @100:14 b 62.31.37.87,2375 -> 212.123.189.17,8888 PR tcp len 20 48 -S IN 
> Jul 30 19:42:09 mandark ipmon[105]: 19:42:08.561437 2x tun0 @100:14 b 62.31.37.87,2375 -> 212.123.189.17,8888 PR tcp len 20 48 -S IN 
> Jul 30 19:42:16 mandark ipmon[105]: 19:42:16.153864 tun0 @100:14 b 66.56.121.127,1950 -> 212.123.189.17,8888 PR tcp len 20 48 -S IN 
> Jul 30 19:42:17 mandark ipmon[105]: 19:42:17.201565 tun0 @100:14 b 66.56.121.127,1950 -> 212.123.189.17,8888 PR tcp len 20 48 -S IN 
> Jul 30 19:42:18 mandark ipmon[105]: 19:42:17.904583 tun0 @100:14 b 66.56.121.127,1950 -> 212.123.189.17,8888 PR tcp len 20 48 -S IN 
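
One way to reduce a log like the quoted one to per-source counts, as an added example that is not part of the original thread. The regular expression is inferred from the ipmon lines shown above (an assumption, not the official ipmon grammar), the five sample lines are copied from that log, and `parse` and `summarize` are hypothetical names.

```python
import re
from collections import defaultdict

# Pattern inferred from the ipmon lines quoted above (an assumption, not the
# official ipmon grammar). The optional "Nx" field is a repeat counter.
LINE = re.compile(
    r"ipmon\[\d+\]: (?P<time>[\d:.]+) (?:(?P<rep>\d+)x )?(?P<ifc>\S+) "
    r"@(?P<rule>\d+:\d+) (?P<act>\S+) "
    r"(?P<src>[\d.]+),(?P<sport>\d+) -> (?P<dst>[\d.]+),(?P<dport>\d+) "
    r"PR (?P<proto>\S+) len (?P<hlen>\d+) (?P<plen>\d+) -(?P<flags>\S+) "
    r"(?P<dir>IN|OUT)"
)

# Five lines copied from the quoted log (syslog prefix kept, "> " removed).
SAMPLE = """\
Jul 30 19:36:21 mandark ipmon[105]: 19:36:21.547418 tun0 @100:14 b 193.159.130.183,2029 -> 212.123.189.17,8888 PR tcp len 20 44 -S IN
Jul 30 19:36:22 mandark ipmon[105]: 19:36:22.467461 tun0 @100:14 b 193.159.130.183,2029 -> 212.123.189.17,8888 PR tcp len 20 44 -S IN
Jul 30 19:36:28 mandark ipmon[105]: 19:36:27.977529 2x tun0 @100:14 b 166.90.42.99,1397 -> 212.123.189.17,8888 PR tcp len 20 48 -S IN
Jul 30 19:36:30 mandark ipmon[105]: 19:36:30.087509 tun0 @100:14 b 166.90.42.99,1397 -> 212.123.189.17,8888 PR tcp len 20 48 -S IN
Jul 30 19:39:44 mandark ipmon[105]: 19:39:44.859937 tun0 @100:14 b 193.159.130.183,2549 -> 212.123.189.17,8888 PR tcp len 20 44 -S IN
""".splitlines()

def parse(line):
    """Return the fields of one ipmon line as a dict, or None if it does not match."""
    m = LINE.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["rep"] = int(rec["rep"] or 1)  # no "Nx" field means a single packet
    return rec

def summarize(lines, dport="8888"):
    """Per source IP: blocked inbound SYN-only TCP packets to dport, and distinct
    source ports (packets sharing a source port retransmit one attempt)."""
    seen = defaultdict(lambda: {"packets": 0, "sports": set()})
    for rec in filter(None, map(parse, lines)):
        key = (rec["act"], rec["proto"], rec["flags"], rec["dir"], rec["dport"])
        if key != ("b", "tcp", "S", "IN", dport):
            continue
        seen[rec["src"]]["packets"] += rec["rep"]
        seen[rec["src"]]["sports"].add(rec["sport"])
    return {ip: {"packets": s["packets"], "attempts": len(s["sports"])}
            for ip, s in seen.items()}

if __name__ == "__main__":
    for ip, s in sorted(summarize(SAMPLE).items(), key=lambda kv: -kv[1]["packets"]):
        print(f"{ip:15}  packets={s['packets']}  attempts={s['attempts']}")
```

Counting the `2x` repeat field matters here: without it the second source would show two packets instead of three.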

