[Dshield] Probe of High Ports

Johannes B. Ullrich jullrich at euclidian.com
Tue Nov 6 23:21:16 GMT 2001


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1



These ports don't ring a bell. I would suspect that it is just someone 
having fun running nmap on random hosts looking for back doors and such?

There is something running at port 4045 on this machine. not sure what. It 
looks like a Solaris box. As it has rpc running as well, it probably got 
taken out using one of the rpc exploits.



On Tue, 6 Nov 2001, Rosa, Frank wrote:

> 
> 
> 	On Nov.3,2001 Between 21:08 and 21:09 PM we received a Scan; 
> Source Destination: 202.102.201.41 with TCP protocol  to the following
> ports:
> 
> 55787
> 56306
> 56827
> 56828
> 56831
> 56829
> 56830
> 
> 	All attempts were drop by our FireWall, I noticed that this address
> is on your Ten Most wanted.
> 
> _______________________________________________
> Dshield mailing list
> Dshield at dshield.org
> To change your subscription options (or unsubscribe), see: http://www1.dshield.org/mailman/listinfo/dshield
> 

- -- 
- -------
jullrich at sans.org                    Join http://www.DShield.org
                          Distributed Intrusion Detection System

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE76HBuVOIizK5pIDMRAhf/AJ9Hbcoz2M5Ti770qzvRqK03tOlgsACferBr
5E4fqspkmPRB/iqSwGKT8q0=
=Ebx4
-----END PGP SIGNATURE-----




More information about the list mailing list