[Intrusions] Port 44916 Scans
Ken Connelly
ken.connelly at uni.edu
Sun Nov 7 22:02:46 GMT 2004
That port hasn't made my top-25 list in the past week, nor my top-10
list anytime this year. Sorry...
-ken
Mike Rabinowitz wrote:
>Hi all,
>
>Anyone seen scans for tcp 44916? I haven't been able to dig anything up on this. No trace included here, but I'll give you the general idea:
>
>* Packets are always flagged with SYN, just trying to initiate a connection
>* TCP retries are normal, with 0, 3, 6 second intervals before giving up
>* Sources seem to have nothing in common save for the fact that they are dial-ups or home DSLs.
>
>I can barely find anything about this port except for on Kurt Siegfield's pages stating that this should be the starting high source client port for Linux Fedora.
>
>ISC does show activity for this port if you search on it, but no details are included.
>
>FYI, I work at an MSSP with many devices across different public address spaces. I see this traffic at only one range: 12.0.0.0/8. This belongs to AT&T.
>
>Anyone else seen this at all? Any idea what exploit this uses or what tool might generate it?
>
>
>Thanks in advance,
>
>
>Mike
>
>
>_______________________________________________
>Intrusions mailing list
>Intrusions at lists.sans.org
>http://www.dshield.org/mailman/listinfo/intrusions
>
>
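The traffic described in the quoted message (bare SYNs to tcp 44916, resent on a fixed schedule) can be checked in a packet log as follows. This is an added example, not part of the original thread; the log format, the documentation-range addresses and the function names are constructed, and it assumes "0, 3, 6 second intervals" means gaps of 3 s and then 6 s after the first SYN. Resends on the same source port with back-off are what an operating system's TCP stack produces for an ordinary connection attempt.

```python
from collections import defaultdict

# Constructed sample (not from the thread): epoch time, src, sport, dst, dport, flags.
SAMPLE = """
1099864800.00 198.51.100.7 3201 192.0.2.10 44916 S
1099864803.01 198.51.100.7 3201 192.0.2.10 44916 S
1099864809.02 198.51.100.7 3201 192.0.2.10 44916 S
1099864900.00 203.0.113.9 4000 192.0.2.11 44916 S
1099864910.00 203.0.113.20 5000 192.0.2.12 44916 S
1099864911.00 203.0.113.20 5000 192.0.2.12 44916 S
1099864912.00 203.0.113.20 5000 192.0.2.12 44916 S
1099864950.00 198.51.100.30 1044 192.0.2.10 44916 SA
"""

def parse(text):
    """Yield (ts, src, sport, dst, dport, flags) from the constructed log format."""
    for line in text.strip().splitlines():
        ts, src, sport, dst, dport, flags = line.split()
        yield float(ts), src, int(sport), dst, int(dport), flags

def syn_gaps(records, port):
    """Map each 4-tuple sending bare SYNs to `port` to the gaps between its SYNs."""
    seen = defaultdict(list)
    for ts, src, sport, dst, dport, flags in records:
        if dport == port and flags == "S":  # SYN set, ACK not set
            seen[(src, sport, dst, dport)].append(ts)
    gaps = {}
    for flow, times in seen.items():
        times.sort()
        gaps[flow] = [b - a for a, b in zip(times, times[1:])]
    return gaps

def classify(gaps, expected=(3.0, 6.0), tol=0.5):
    """'retry': resent on the expected schedule; 'single': one SYN; else 'other'."""
    if not gaps:
        return "single"
    if len(gaps) == len(expected) and all(
            abs(g - e) <= tol for g, e in zip(gaps, expected)):
        return "retry"
    return "other"

def summarize(text, port=44916):
    """Classify every flow of bare SYNs to `port` in the log text."""
    return {flow: classify(g) for flow, g in syn_gaps(parse(text), port).items()}

if __name__ == "__main__":
    for flow, verdict in summarize(SAMPLE).items():
        print(flow, verdict)
```

If the intervals in a real capture turn out to be 3 s and 3 s instead, pass `expected=(3.0, 3.0)` to `classify`.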