
[FW1] Probe, apparently from Microsoft??




Hi all...

Gotta question. A few minutes ago we received a minor barrage of probes with
an apparent source of www.microsoft.com, all four addresses, attempting to
hit random addresses on our network using ports 1024 and 3072. This has
happened before, and often enough to finally make it onto my radar screen.

The push started at 1:51:28 MDT and ended at 2:18:22, amounting to quite a
few log entries, all dropped.

The main question: Is it likely that this is actually originating at
Microsoft? It seems more likely that someone else is trying to make it look
that way, but I am open to suggestions. Less important question: If it is
not Microsoft, is there a way I can find out who it is? Less important
question #2: Is there a particular hack in use these days that looks for
ports 1024 and/or 3072, or are they the default ports for somebody's
published kiddie script?

We also see this type of attack supposedly emanating from Yahoo, Compaq, and
eBay, among those I've noticed.

The last question: Is anyone else noticing this sort of activity?

Thanks,
Chuck Sterling
AlliedSignal/Honeywell/United Technologies/Tyco/Etc.

