Honeypots
Re: Port 57572 Oct 26 2006 07:58AM
stonfi linuxmail org (1 replies)
RE: Port 57572 Oct 26 2006 07:58PM
comandur (comandur comandur com)
Thanks for the reply, however I don't think that would yield much since all
I would capture was the SYN packet... that information I already have in the
firewall log.
I could go ahead and forward the packets to a box and try to get more data,
but nothing is listening on that port so again, all I would get is the SYN
packet.
I was interested in finding out if anyone else was seeing this as well or
knew if there was a new trojan listening on this port... if not, I
will do the forwarding and try to set up a generic service to accept the
request and see what it captures.

> -----Original Message-----
> From: listbounce (at) securityfocus (dot) com
> [mailto:listbounce (at) securityfocus (dot) com]On Behalf Of stonfi (at) linuxmail (dot) org
> Sent: Thursday, October 26, 2006 3:59 AM
> To: comandur; honeypots (at) securityfocus (dot) com
> Subject: Re: Port 57572
>
>
>
> > ----- Original Message -----
> > From: comandur <comandur (at) comandur (dot) com>
> > To: honeypots (at) securityfocus (dot) com
> > Subject: Port 57572
> > Date: Wed, 25 Oct 2006 17:56:36 -0400
> >
> >
> > Hello All,
> >
> > For the last couple weeks I have seen thousands of inbound connection
> > attempts from all over the net to port 57572 (TCP and UDP)
> >
> > Anyone else seeing these? Any idea what is going on?
> >
> > Thanks
>
> >
>
> hello,
>
> use tcpdump to capture what circulates.
>
> --
> _______________________________________________
> Get your free email from http://www.linuxmail.org
>
> Powered by Outblaze
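
The "generic service" idea from the reply above, as an added example that is not part of the original posts: a passive listener that lets the kernel complete the TCP handshake (or accept a UDP datagram) on port 57572 and records the first bytes the peer sends, without ever replying. The function names, timeouts and record fields are assumptions made for this sketch.

```python
import json
import socket
import time

PORT = 57572  # port from the thread; all other names and values are assumptions


def open_listener(proto, host="0.0.0.0", port=PORT):
    """Bind a TCP or UDP socket so a peer gets past the bare SYN / first datagram."""
    kind = socket.SOCK_STREAM if proto == "tcp" else socket.SOCK_DGRAM
    sock = socket.socket(socket.AF_INET, kind)
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    sock.bind((host, port))
    if proto == "tcp":
        sock.listen(16)
    return sock


def capture(sock, proto, wait=5.0, max_bytes=2048):
    """Record the first bytes one peer sends; nothing is ever sent back."""
    sock.settimeout(wait)
    payload, peer = b"", None
    try:
        if proto == "tcp":
            conn, peer = sock.accept()
            with conn:
                conn.settimeout(wait)
                try:
                    payload = conn.recv(max_bytes)
                except (socket.timeout, ConnectionResetError):
                    pass  # handshake completed but the client sent no data
        else:
            payload, peer = sock.recvfrom(max_bytes)
    except socket.timeout:
        return None  # no peer showed up within the wait window
    return {"ts": time.time(), "proto": proto, "src": peer[0], "sport": peer[1],
            "len": len(payload), "hex": payload.hex()}


def log_records(sock, proto, attempts, wait=60.0):
    """Run `attempts` capture windows, print each hit as JSON, return the hits."""
    hits = [r for r in (capture(sock, proto, wait) for _ in range(attempts)) if r]
    for record in hits:
        print(json.dumps(record), flush=True)
    return hits
```

A zero-length TCP record is itself a finding: the source completed the handshake and then waited, which a SYN-only firewall log cannot show.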

Copyright 2010, SecurityFocus