[Snort-users] Re: [Snort-sigs] Scan on tcp 13000

>
> Has anyone else seen any tcp scans with both source and destination ports of

Yep, coming out of columbia.edu.
Called them and sent logs earlier today
(symantec: take note.. we saw it first)

see:
http://www.mynetwatchman.com/LID.asp?IID=22029380 funny ting, on the security section of their web site them mention that they had their web site defaced and users redurected towards a porn site yesterday.
I called them up, thinking that they might have staff on duty.. noop, nothing, all phone lines, help desk, security phones have ' thank you for calling when we are all home', press 0 for operator, nothing.

What source ip addresses are you seeing?

-- 
Michael Scheidell, CEO
SECNAP Network Security, LLC 
Sales: 866-SECNAPNET / (1-866-732-6276)
Main: 561-368-9561 / www.secnap.net
Looking for a career in Internet security?
http://www.secnap.net/employment/


-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users