[Dshield] Big jump in 554/tcp port scans
dshield at pfunkjr.dissimulo.com
Mon Nov 24 18:06:20 GMT 2003
I only have ONE IP that is monitored and I too, had the same problem.
Port 554 scans...
Port Packets Sources Targets Service Name
554 22 22 1 rtsp Real Time Stream Control Protocol
Only, the last one on my logs is: 1640 23 Nov
They are coming from Korea, China and one from Australia.
From: list-bounces at dshield.org [mailto:list-bounces at dshield.org] On
Behalf Of Jon R. Kibler
Sent: Monday, November 24, 2003 9:31 AM
To: list at dshield.org
Subject: [Dshield] Big jump in 554/tcp port scans
Yesterday we saw a big spike in scans against port 554/tcp (RTSP). The
scans started at about 0800 on 2003/11/23 and ended about 0100 on
2003/11/24 (none since that time). They hit every address in our net
block. Also, they appear to have originated from 48 IPs around the
This wasn't a major spike, but was the third most scanned port yesterday
(as usual, 135/tcp was first and 80/tcp was second). However, the number
of scans jumped from a weekly average of less than 5 per day to over 30
Any ideas? Is this potentially the start of something new?
Jon R. Kibler
Chief Technical Officer
Charleston, SC USA
Filtered by: TRUSTEM.COM's Email Filtering Service
http://www.trustem.com/ No Spam. No Viruses. Just Good Clean Email.
More information about the list