[Dshield] Port 1935 - tincan - also Macromedia Breeze server

L. Ruiz dianalucy00-sans at yahoo.com
Wed Feb 15 20:56:29 GMT 2006


Hello all,

Yesterday I was tracking down attempts by two separate machines to contact an
outside server using a non-standard port - 1935.  The first thing I did was to
check Sans site for that port.  It reported the protocol "tincan".  I then
googled and most links were copies of the text list that IANA maintains until I
found this page.

http://www.seifried.org/security/ports/1000/1935.html

That tipped me off that this was not a spyware event but possibly a legitimate
attempt to access a well known vendor's lesser known service.

I confirmed this after speaking to the users and reading Adobe/Macromedia's
tech page about requiring port 1935 be open in order to allow access to a
Breeze streaming presentation.

My request is, if this is not an oversight, can SANS/Dshield please list all
uses of ports both official and unofficial?  This would help me and others
track down whether or not the traffic is in fact using one of the unofficial
services or is in fact a spyware or other infestation.

Thank you,
Linda Ruiz

For my non-geek friends:
Friends don't email friends .exe or .com files.  So don't open those types of attachments!!
For my geek friends:
Adopt a newbie....


More information about the list mailing list