TCP/21536 attack?

Gary Maltzen Tue, 14 Nov 2000 08:55:34 -0800
Is there a list more appropriate for 'what the heck is this' posts?

It's not in /etc/services
It's not in Graham http://www.robertgraham.com/pubs/firewall-seen.html
It's not in Simovits http://www.simovits.com/nyheter9902.html
It's not in TLSecurity http://www.tlsecurity.com/trojanh.htm
It's not in advICE http://advice.networkice.com/advice/Exploits/Ports/

Interestingly enough it's from tcp/18245 each time...

 From Poland
Nov 12 11:59 CDT tcp 212.160.25.170(18245) -> 209.134.156.113(21536), 1
packet
Nov 12 16:05 CDT tcp 212.160.25.123(18245) -> 209.134.156.113(21536), 1
packet
Nov 12 16:11 CDT tcp 212.160.25.123(18245) -> 209.134.156.113(21536), 6
packets
Nov 12 16:13 CDT tcp 212.160.25.123(18245) -> 209.134.156.113(21536), 1
packet
Nov 12 16:13 CDT tcp 212.160.25.123(18245) -> 209.134.156.113(21536), 1
packet
 From Canada
Nov 13 19:33 CDT tcp 209.213.239.60(18245) -> 209.134.156.113(21536), 1
packet
 From Sweden
Nov 14 03:57 CDT tcp 213.204.132.194(18245) -> 209.134.156.113(21536), 1
packet
Nov 14 03:57 CDT tcp 213.204.132.194(18245) -> 209.134.156.113(21536), 3
packets
Nov 14 03:58 CDT tcp 213.204.132.194(18245) -> 209.134.156.113(21536), 1
packet

Any clues?
-TIA
 Gary

-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
TCP/21536 attack?

Reply via email to
