[Snort-sigs] Odd scans from 220.127.116.11
mkettler at ...189...
Tue Apr 23 11:57:16 EDT 2002
1) This really should be on snort users, not snort-sigs. Please use the
snort-users list next time you have a general question.
2) Have you been using IRC?
Note that the packet you have logged is a syn-ack, which means it is (or
claims to be) a response to a request for connect from your machine
connecting to that server.
The IP that is "scanning" you is an IRC server. See:
Host name: irc.tokyo.wide.ad.jp
IP address: 18.104.22.168
And look, a lot of this traffic is from port 6666/tcp on their end. From
the snort.org ports DB:
6666 tcp irc-serv internet relay chat server
and from IANA: (http://www.iana.org/assignments/port-numbers)
ircu 6665-6669/tcp IRCU
ircu 6665-6669/udp IRCU
Sounds like you're being "scanned" by your own internet activity.
At 01:01 PM 4/23/2002 -0500, Robert Wagner wrote:
>Odd scans from 22.214.171.124. Does anyone know what they are scanning for?
>I don't have a server running at myip. I have heard this IP address has
>been doing a lot of scanning like this. Slow scan to avoid detection.
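
Added example, not part of the original post and not Snort code: one way to triage the kind of alert discussed in this thread, by pairing each inbound SYN-ACK with an earlier outbound SYN from the local host and tagging source ports in the IANA ircu range quoted above. The record format, the addresses (documentation ranges) and the function names are constructed for illustration.

```python
import re

# IANA "ircu" assignment quoted in the post: 6665-6669/tcp
IRC_PORTS = range(6665, 6670)

# Constructed, simplified record format (not Snort's own log layout):
#   src_ip:src_port -> dst_ip:dst_port FLAGS
RECORD = re.compile(r"^(\S+):(\d+) -> (\S+):(\d+) ([SAFRPU]+)$")

def parse(line):
    m = RECORD.match(line.strip())
    if not m:
        raise ValueError(f"unparseable record: {line!r}")
    src, sport, dst, dport, flags = m.groups()
    return src, int(sport), dst, int(dport), set(flags)

def triage(records, local_ip):
    """Label every packet addressed to local_ip.

    Returns a list of (remote_ip, remote_port, label, service) tuples.
    """
    pending = set()   # outbound SYNs seen: (local_port, remote_ip, remote_port)
    results = []
    for line in records:
        src, sport, dst, dport, flags = parse(line)
        if src == local_ip and flags == {"S"}:
            pending.add((sport, dst, dport))
            continue
        if dst != local_ip:
            continue
        if flags == {"S", "A"}:
            # A SYN-ACK is only a genuine reply if we sent the matching SYN;
            # otherwise it merely claims to be one.
            matched = (dport, src, sport) in pending
            label = "reply" if matched else "unsolicited-synack"
        elif flags == {"S"}:
            label = "inbound-syn"   # a new connection attempt towards us
        else:
            label = "other"
        service = "ircu" if sport in IRC_PORTS else None
        results.append((src, sport, label, service))
    return results

# Constructed sample traffic; 192.0.2.10 plays the local host.
SAMPLE = [
    "192.0.2.10:1045 -> 198.51.100.7:6666 S",
    "198.51.100.7:6666 -> 192.0.2.10:1045 SA",
    "198.51.100.7:6667 -> 192.0.2.10:1046 SA",
    "203.0.113.9:4321 -> 192.0.2.10:22 S",
]
```

The "reply" label needs a capture that includes the local host's outbound traffic; with inbound-only logs every SYN-ACK will come out as "unsolicited-synack".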