[Dshield] Scans to port 1530 and 1531 from multiple ports

Lane Weast lweast at leeclerk.org
Mon Sep 9 19:41:44 GMT 2002


What would be sending/scanning (?) UDP from a NT4 Exch5.5 mail server to a
subnet range not on our network ports 1530 and 1531 from a multiple
scattering of ports? 
I have scanned the file system thoroughly with updated virus sigs and found
nothing.
Many port lists show 1530 and 1531 as being used by RAP-Service and
RAP-Listen.
RAP could be Route Access Protocol or Remote Administration Protocol or
Resource Allocation Protocol. 
The most suspicious being Remote Administration Protocol but I have been
unable to find much of anything about it Google or otherwise.






More information about the list mailing list