[Dshield] Port 554/tcp

McKinlay, Ken ken.mckinlay at dy4.com
Wed Oct 1 14:43:01 GMT 2003


I haven't seen a large upswing in my tarpit today for that port, but the day
is still young.

See BugTraq ID 7020 at http://www.securityfocus.org/bid/7020/info/ and the
archived discussion thread starting at
http://lists.insecure.org/lists/incidents/2003/May/0060.html for details
about a buffer overflow vulnerability with the Real Networks Real Servers.

Ken McKinlay, GCIA
Network Security, Dy 4 Systems
ken.mckinlay at dy4.com 

> -----Original Message-----
> From: Jon R. Kibler [mailto:Jon.Kibler at aset.com]
> Sent: Wednesday, October 01, 2003 10:05 AM
> To: list at dshield.org
> Subject: [Dshield] Port 554/tcp
> Today is Monday, right? At least is seems so here. The data 
> circuit over which route outgoing traffic (except mail) is 
> down, and since I cannot access the web, I may be asking some 
> stupid questions here, so please forgive me in advance.
> We have seen a sudden rise this morning in 554/tcp traffic. 
> Has anyone else?
> One of our Linux boxes claims in the default /etc/services 
> file that 554 is "Real Time Stream Control Protocol"... what is that?
> Any ideas with what application or exploit these probes may 
> be associated?
> Thanks!
> Jon R. Kibler
> Chief Technical Officer
> A.S.E.T., Inc.
> Charleston, SC  USA
> (843) 849-8214

More information about the list mailing list