[Dshield] Scans to port 1530 and 1531 from multiple ports
lweast at leeclerk.org
Mon Sep 9 19:41:44 GMT 2002
What would be sending/scanning (?) UDP from a NT4 Exch5.5 mail server to a
subnet range not on our network ports 1530 and 1531 from a multiple
scattering of ports?
I have scanned the file system thoroughly with updated virus sigs and found
Many port lists show 1530 and 1531 as being used by RAP-Service and
RAP could be Route Access Protocol or Remote Administration Protocol or
Resource Allocation Protocol.
The most suspicious being Remote Administration Protocol but I have been
unable to find much of anything about it Google or otherwise.
More information about the list