[nSLUG] IP Spoofing

Dop Ganger nslug at fop.ns.ca
Fri May 13 15:32:18 ADT 2005

On Fri, 13 May 2005, J. Paul Bissonnette wrote:

> 06:59:53     **IP Spoofing**         <IP>   Source IP: Port:3539 
> Dest IP: Port:5554
> Does any one know what this means, it was in the hacker log of my router.

A machine was trying to connect to your machine on port 5554. This was 
probably someone infected with a virus that scans for other machines that 
have been infected by Sasser, as Sasser uses port 5554. Since the source 
address is RFC1918 space, I suspect it was a machine on your local subnet 
as I believe Eastlink filters out reserved addresses at the gateway.

Not something to really worry about, unless you have a machine 
on your own network, in which case you may want to run a virus scan.

Cheers... Dop.


More information about the nSLUG mailing list