[Dshield] Port 10616 -> Updates to the DShield site?
Daniel G. Kluge
dkluge at acm.org
Sun Aug 6 15:01:54 GMT 2006

It was a slow day, so I was going through all the ports I didn't know
offhand that were probed, and one which struck me as an interesting
example is port 10616 (TCP).

This port is used by the eiQnetworks Enterprise Security Analyzer
(ESA) for licensing communication apparently, and guess what, it has a
vulnerability (updates are available). For a background see http://

Now if you do a port on DShield using
http://www.dshield.org/port_report.php?port=10616
you will see all the hallmarks of a fresh
exploit. Since shell-code was available at the time of public
disclosure of the bug, some people started scanning right away I'd

One thing that I find annoying is that the port report only lists
approved CVEs, and not the candidates. I guess the threat will be all
but over by the time the CVE is approved by the CVE editorial board,
BTW it's CVE-2006-3838 and has references to no end.

So question: Couldn't we/shouldn't we include CVE candidates too in
the port reports?

And another thing that I saw during fight-back (was mentioned before)
is the "[/etc/jwhois.conf: Unable to open]" issue appearing from time