[Intrusions] Port 44916 Scans

Mike Rabinowitz mrabinowitz at burntmail.com
Fri Nov 5 13:31:28 GMT 2004


Hi all,

Anyone seen scans for tcp 44916?  I haven't been able to dig anything up on this.  No trace included here, but I'll give you the general idea:

* Packets are always flagged with SYN, just trying to initiate a connection
* TCP retries are normal, with 0, 3, 6 second intervals before giving up
* Sources seem to have nothing in common save for the fact that they are dial-ups or home DSLs.

I can barely find anything about this port except for on Kurt Siegfield's pages stating that this should be the starting high source client port for Linux Fedora.

ISC does show activity for this port if you search on it, but no details are included.

FYI, I work at an MSSP with many devices across different public address spaces.  I see this traffic at only one range: 12.0.0.0/8.  This belongs to AT&T.

Anyone else seen this at all?  Any idea what exploit this uses or what tool might generate it?  


Thanks in advance,


Mike
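
Added example, not part of the original post: one way to check a packet log for the pattern described above, grouping bare-SYN packets to tcp 44916 by flow and testing for the 0, 3, 6 second spacing. The log format, the TOLERANCE value and all sample records (documentation addresses) are assumptions constructed for illustration.

```python
from collections import defaultdict

PORT = 44916                      # port named in the post
RETRY_OFFSETS = (0.0, 3.0, 6.0)   # retry spacing reported in the post (seconds)
TOLERANCE = 0.5                   # assumed allowance for timestamp jitter

# Constructed sample records in an assumed format: epoch src sport dst dport flags
SAMPLE_LOG = """\
1099661488.02 198.51.100.23 44920 192.0.2.10 44916 S
1099661491.01 198.51.100.23 44920 192.0.2.10 44916 S
1099661494.03 198.51.100.23 44920 192.0.2.10 44916 S
1099661500.10 203.0.113.77 3312 192.0.2.44 44916 S
1099661500.11 203.0.113.77 3313 192.0.2.45 44916 S
1099661502.50 198.51.100.99 51000 192.0.2.10 80 S
1099661503.00 198.51.100.50 40000 192.0.2.10 44916 SA
"""

def parse(log):
    """Yield (ts, src, sport, dst, dport, flags) for each well-formed line."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 6:
            continue  # skip malformed records instead of failing the whole run
        ts, src, sport, dst, dport, flags = parts
        yield float(ts), src, int(sport), dst, int(dport), flags

def syn_attempts(log, port=PORT):
    """Group bare-SYN packets to `port` by flow; return arrival offsets per flow."""
    flows = defaultdict(list)
    for ts, src, sport, dst, dport, flags in parse(log):
        if dport == port and flags == "S":
            flows[(src, sport, dst)].append(ts)
    return {k: [round(t - min(v), 2) for t in sorted(v)] for k, v in flows.items()}

def matches_retry_pattern(offsets):
    """True when a flow shows exactly the 0/3/6 s spacing, within TOLERANCE."""
    return len(offsets) == len(RETRY_OFFSETS) and all(
        abs(o - e) <= TOLERANCE for o, e in zip(offsets, RETRY_OFFSETS))

def summarize(log, port=PORT):
    """Per source: number of flows and how many show the 0/3/6 s retry spacing."""
    summary = defaultdict(lambda: {"flows": 0, "retry_pattern": 0})
    for (src, _sport, _dst), offsets in syn_attempts(log, port).items():
        summary[src]["flows"] += 1
        summary[src]["retry_pattern"] += matches_retry_pattern(offsets)
    return dict(summary)

if __name__ == "__main__":
    for src, stats in summarize(SAMPLE_LOG).items():
        print(src, stats)
```

Flows are keyed on source port as well as address, so retransmissions of one connection attempt are counted separately from a source that sends single SYNs to several destinations.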




