[Snort-users] Need help in interpreting port scans.

cg16uy at ...152...
Sun Apr 4 09:59:02 EDT 2004


Can someone tell me what could scan these particular
ports in rapid succession? Are these infected machines
looking for another captive?

Thank you
~

Apr  4 10:29:59 nightfall mach_kernel: ipfw: 1900 Deny TCP
24.150.27.77:3926 66.68.183.43:3127 in via en0
Apr  4 10:29:59 nightfall mach_kernel: ipfw: 1100 Deny TCP
24.150.27.77:3918 66.68.183.43:1025 in via en0
Apr  4 10:29:59 nightfall mach_kernel: ipfw: 1900 Deny TCP
24.150.27.77:3934 66.68.183.43:6129 in via en0
Apr  4 10:29:59 nightfall mach_kernel: ipfw: 1900 Deny TCP
24.150.27.77:3915 66.68.183.43:2745 in via en0
Apr  4 10:29:59 nightfall mach_kernel: ipfw: 900 Deny TCP
24.150.27.77:3945 66.68.183.43:80 in via en0
Apr  4 10:30:05 nightfall mach_kernel: ipfw: 1900 Deny TCP
24.150.27.77:3926 66.68.183.43:3127 in via en0
Apr  4 10:30:05 nightfall mach_kernel: ipfw: 1900 Deny TCP
24.150.27.77:3934 66.68.183.43:6129 in via en0
Apr  4 10:30:05 nightfall mach_kernel: ipfw: 1100 Deny TCP
24.150.27.77:3918 66.68.183.43:1025 in via en0
Apr  4 10:30:05 nightfall mach_kernel: ipfw: 1900 Deny TCP
24.150.27.77:3915 66.68.183.43:2745 in via en0
Apr  4 10:30:05 nightfall mach_kernel: ipfw: 900 Deny TCP
24.150.27.77:3945 66.68.183.43:80 in via en0
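
One way to summarize a log like the one in the post above, added here as an example and not part of the original message: it groups the ipfw deny entries by source address, lists the distinct destination ports, and counts repeats of the same source port and destination port pair as retries of one connection attempt rather than as new probes. The names `ENTRY`, `summarize` and `min_ports` are assumptions made for this illustration.

```python
import re
from collections import defaultdict

# Log excerpt copied from the post above (the mail client wrapped each entry onto two lines).
SAMPLE = """\
Apr  4 10:29:59 nightfall mach_kernel: ipfw: 1900 Deny TCP
24.150.27.77:3926 66.68.183.43:3127 in via en0
Apr  4 10:29:59 nightfall mach_kernel: ipfw: 1100 Deny TCP
24.150.27.77:3918 66.68.183.43:1025 in via en0
Apr  4 10:29:59 nightfall mach_kernel: ipfw: 1900 Deny TCP
24.150.27.77:3934 66.68.183.43:6129 in via en0
Apr  4 10:29:59 nightfall mach_kernel: ipfw: 1900 Deny TCP
24.150.27.77:3915 66.68.183.43:2745 in via en0
Apr  4 10:29:59 nightfall mach_kernel: ipfw: 900 Deny TCP
24.150.27.77:3945 66.68.183.43:80 in via en0
Apr  4 10:30:05 nightfall mach_kernel: ipfw: 1900 Deny TCP
24.150.27.77:3926 66.68.183.43:3127 in via en0
Apr  4 10:30:05 nightfall mach_kernel: ipfw: 1900 Deny TCP
24.150.27.77:3934 66.68.183.43:6129 in via en0
Apr  4 10:30:05 nightfall mach_kernel: ipfw: 1100 Deny TCP
24.150.27.77:3918 66.68.183.43:1025 in via en0
Apr  4 10:30:05 nightfall mach_kernel: ipfw: 1900 Deny TCP
24.150.27.77:3915 66.68.183.43:2745 in via en0
Apr  4 10:30:05 nightfall mach_kernel: ipfw: 900 Deny TCP
24.150.27.77:3945 66.68.183.43:80 in via en0
"""

# One syslog entry; \s+ between fields also matches the wrapped line break.
ENTRY = re.compile(
    r"(?P<ts>\w{3}\s+\d+\s+\d\d:\d\d:\d\d)\s+\S+\s+\S+:\s+ipfw:\s+(?P<rule>\d+)\s+Deny\s+"
    r"(?P<proto>\w+)\s+(?P<src>[\d.]+):(?P<sport>\d+)\s+(?P<dst>[\d.]+):(?P<dport>\d+)"
)

def summarize(text, min_ports=3):
    """Report sources whose denied packets hit at least min_ports distinct ports."""
    attempts = defaultdict(lambda: defaultdict(int))  # src -> flow -> packet count
    for m in ENTRY.finditer(text):
        key = (int(m["sport"]), m["dst"], int(m["dport"]))
        attempts[m["src"]][key] += 1
    report = {}
    for src, flows in attempts.items():
        ports = sorted({dport for _, _, dport in flows})
        if len(ports) >= min_ports:
            retries = sum(n - 1 for n in flows.values())  # repeats of an identical flow
            report[src] = {"dst_ports": ports, "attempts": len(flows), "retries": retries}
    return report

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

On the posted excerpt this reports a single source with five distinct destination ports, each tried once and then repeated once six seconds later from the same source port.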
