[Dshield] 4051/tcp

David Taylor ltr at isc.upenn.edu
Mon Jun 27 10:59:46 GMT 2005


I am not seeing any port 4051 traffic here.  SANS isn't showing any
significant traffic for this port.

http://isc.sans.org/port_details.php?port=4051




==================================================
David Taylor //Sr. Information Security Specialist
University of Pennsylvania Information Security 
Philadelphia PA USA
LTR at ISC.UPENN.EDU               (215) 898-1236
http://www.upenn.edu/computing/security/
================================================== 

SANS - The Twenty Most Critical Internet Security Vulnerabilities 
http://www.sans.org/top20/

SANS - Internet Storm Center
http://isc.sans.org


-----Original Message-----
From: list-bounces at lists.dshield.org [mailto:list-bounces at lists.dshield.org]
On Behalf Of jayjwa
Sent: Monday, June 27, 2005 6:44 AM
To: Dshield Mail List
Subject: [Dshield] 4051/tcp



I've been seeing a lot of SYN packets to port 4051 lately. In fact, other 
than Qwest's on-going virus barrage (since June 7th) on 25 and the 
usual 445 stuff, it's the number one port getting attention in the 
firewall logs. The source ports are mid-high range and vary. A few (2-3) 
of the hosts I recognise. Sorted & uniq'ed, here's last night's hosts:

Of those, some had their 4051 filtered, some closed, and one was open. The 
open one wouldn't return any traffic when connected to. There didn't seem 
to be much on Google about it, just a few things about broken ftp 
connections which I doubt this is. Also a few mentions of a chat system 
I've never heard of. Has anyone seen activity on this port and might 
know what is going to & fro?


-- 
Confidentiality Notice: This email may contain confidential
and privileged information. If in the event that it does,
please send it back to me with a reply telling me how
stupid I am for sending confidential info to a public forum.
