[Dshield] Probe of High Ports

Johannes B. Ullrich jullrich at euclidian.com
Tue Nov 6 23:21:16 GMT 2001

Hash: SHA1

These ports don't ring a bell. I would suspect that it is just someone 
having fun running nmap on random hosts looking for back doors and such?

There is something running at port 4045 on this machine. not sure what. It 
looks like a Solaris box. As it has rpc running as well, it probably got 
taken out using one of the rpc exploits.

On Tue, 6 Nov 2001, Rosa, Frank wrote:

> 	On Nov.3,2001 Between 21:08 and 21:09 PM we received a Scan; 
> Source Destination: with TCP protocol  to the following
> ports:
> 55787
> 56306
> 56827
> 56828
> 56831
> 56829
> 56830
> 	All attempts were drop by our FireWall, I noticed that this address
> is on your Ten Most wanted.
> _______________________________________________
> Dshield mailing list
> Dshield at dshield.org
> To change your subscription options (or unsubscribe), see: http://www1.dshield.org/mailman/listinfo/dshield

- -- 
- -------
jullrich at sans.org                    Join http://www.DShield.org
                          Distributed Intrusion Detection System

Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org


More information about the list mailing list