jsage at finchhaven.com
Mon Oct 29 03:23:45 GMT 2001
You might take a look at:
for a *very* comprehensive port listing..
There doesn't seem to be anything known on their source port of 4138;
some of the destination ports *do* have known uses but they're pretty
ttc-etap-ds 2978/tcp #TTCs Enterprise Test Access Protocol - DS
ttc-etap-ds 2978/udp #TTCs Enterprise Test Access Protocol - DS
unisql-java 1979/tcp #UniSQL Java
unisql-java 1979/udp #UniSQL Java
ibm-mqseries2 1881/tcp #IBM MQSeries
ibm-mqseries2 1881/udp #IBM MQSeries
sunscalar-svc 1860/tcp #SunSCALAR Services
sunscalar-svc 1860/udp #SunSCALAR Services
informatik-lm 1428/tcp #Informatik License Manager
informatik-lm 1428/udp #Informatik License Manager
Sometimes it's helpful to remember that the clowns who are doing tcp SYN
scans aren't always real bright...
The source ip you show didn't respond to either an http request, or to
nmap, so it may not be up at the moment..
Peter Street wrote:
> Just noticed quite a few reports in ZA-Pro's logs from 126.96.36.199:
> FWIN,2001/10/28,20:38:22 +0:00 GMT,188.8.131.52:4138,184.108.40.206:6346,TCP (flags:S)
> These appear to be targeting lots of different ports, including:
> 4597, 1979, 1173, 1428, 2978, 3547, 3765, 1044, 1860, 1881, 1136
> and quite a few others. (If it would help, I can put a full list up).
> Basically, is there somewhere I can find out what they were trying to
> do? AFAIK it's still happening (I'm running Windows XP Pro RC2 (Build
> 2525), and I have IIS 5.1 working with my development website on it -
> does anyone know of any exploits and patches I need to consider with
> Any help would be much appreciated.
> Peter Street
> Web Developer / Manager
> LazerFX Productions
> www.lazerfx.co.uk (Under Construction)
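
An added example, not part of either message above: one way to triage firewall log lines in the ZoneAlarm format quoted in the thread, grouping blocked TCP SYNs by source address and listing sources that probed many distinct destination ports. The sample lines, the addresses, the UDP line layout, the function names and the 5-port threshold are all assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in the log format quoted in the thread; the
# addresses are documentation-range placeholders, not values from the post.
SAMPLE_LOG = """\
FWIN,2001/10/28,20:38:22 +0:00 GMT,192.0.2.10:4138,198.51.100.5:6346,TCP (flags:S)
FWIN,2001/10/28,20:38:23 +0:00 GMT,192.0.2.10:4138,198.51.100.5:1979,TCP (flags:S)
FWIN,2001/10/28,20:38:23 +0:00 GMT,192.0.2.10:4138,198.51.100.5:1428,TCP (flags:S)
FWIN,2001/10/28,20:38:24 +0:00 GMT,192.0.2.10:4138,198.51.100.5:2978,TCP (flags:S)
FWIN,2001/10/28,20:38:24 +0:00 GMT,192.0.2.10:4138,198.51.100.5:1860,TCP (flags:S)
FWIN,2001/10/28,20:40:01 +0:00 GMT,192.0.2.77:2050,198.51.100.5:80,TCP (flags:S)
FWIN,2001/10/28,20:41:10 +0:00 GMT,192.0.2.77:2051,198.51.100.5:80,TCP (flags:SA)
FWIN,2001/10/28,20:41:15 +0:00 GMT,192.0.2.90:53,198.51.100.5:1030,UDP
this line is malformed and must be skipped
"""

# type,date,time tz GMT,src:port,dst:port,proto [(flags:X)]
LINE_RE = re.compile(
    r"^FWIN,(?P<date>[\d/]+),(?P<time>[\d:]+) \S+ GMT,"
    r"(?P<src>[\d.]+):(?P<sport>\d+),(?P<dst>[\d.]+):(?P<dport>\d+),"
    r"(?P<proto>\w+)(?: \(flags:(?P<flags>\w+)\))?$"
)

def parse_line(line):
    """Return a dict for one inbound-block line, or None if it does not parse."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["sport"] = int(rec["sport"])
    rec["dport"] = int(rec["dport"])
    return rec

def syn_scanners(log_text, min_ports=5):
    """Map source IP -> sorted distinct ports hit with a bare SYN.

    min_ports is an assumed threshold; tune it to the traffic you see.
    """
    ports = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_line(line)
        # Only bare SYNs count: flags "S" exactly, not "SA" or other combinations.
        if rec and rec["proto"] == "TCP" and rec["flags"] == "S":
            ports[rec["src"]].add(rec["dport"])
    return {src: sorted(p) for src, p in ports.items() if len(p) >= min_ports}

if __name__ == "__main__":
    for src, hit in syn_scanners(SAMPLE_LOG).items():
        print(f"{src} probed {len(hit)} ports: {hit}")
```

The sorted port list per source can then be checked against a services listing such as the one excerpted in the reply.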