[Intrusions] Port 13227
Kyle Maxwell
krmaxwell at gmail.com
Mon Sep 20 21:16:10 GMT 2004
On Mon, 20 Sep 2004 11:13:07 +1000, Mark Hofman
<mhofman at shearwatersolutions.com.au> wrote:
> One of our customers is getting quite a number of hits on port TCP/13227
> on their firewalls. The source seems to be mainly dail-in and ADSL
> machines from a wide range of locations (so far US, Europe, NZ and
> local). It is mainly to one specific location, but from the logs it
> doesn't seem to be in response to anything.
>
> Anybody seen anything similar or know what they might be looking for on
> this port?
Can he set up a listener on an isolated host and get a packet capture?
Does he have any internal applications that use that port? If
practical, can he scan his internal network for systems listening on
that port (to investigate them further)?
Just some thoughts, we haven't seen anything that I'm aware of.
--
Kyle Maxwell
[krmaxwell at gmail.com]
More information about the Intrusions
mailing list