[Dshield] Big jump in 554/tcp port scans

Dshield Contributor dshield at pfunkjr.dissimulo.com
Mon Nov 24 18:06:20 GMT 2003


I only have ONE IP that is monitored, and I too had the same problem.
Port 554 scans...

Port Summary
Port  Packets  Sources  Targets  Service Name
554   22       22       1        rtsp   Real Time Stream Control Protocol

Only, the last one on my logs is: 1640 23 Nov

They are coming from Korea, China and one from Australia.

-----Original Message-----
From: list-bounces at dshield.org [mailto:list-bounces at dshield.org] On
Behalf Of Jon R. Kibler
Sent: Monday, November 24, 2003 9:31 AM
To: list at dshield.org
Subject: [Dshield] Big jump in 554/tcp port scans


Yesterday we saw a big spike in scans against port 554/tcp (RTSP). The
scans started at about 0800 on 2003/11/23 and ended about 0100 on
2003/11/24 (none since that time). They hit every address in our net
block. Also, they appear to have originated from 48 IPs around the
world.

This wasn't a major spike, but was the third most scanned port yesterday
(as usual, 135/tcp was first and 80/tcp was second). However, the number
of scans jumped from a weekly average of less than 5 per day to over 30
an hour.

Any ideas? Is this potentially the start of something new?

Jon R. Kibler
Chief Technical Officer
A.S.E.T., Inc.
Charleston, SC  USA
(843) 849-8214



