[Dshield] 2967/TCP (SSC-AGENT) Scans
scottf at uark.edu
Wed Jan 10 18:19:47 GMT 2007
Judging by the release documentation, No. All of the Fix IDs I see
listed related to PP1 and MP1 appear to be more stability and other
similar program updates rather then a remote security glitch.
The activity on the 2 ports in question is related to problems
reported last May.
There was discussion at the ISC (and I thought this list in
November/December) about port 2967/tcp
Port 2968/tcp is the Symantec AV Corporate Edition for Netware
management port and it is presumed that they are hitting the same
vulnerability that the windows clients have been getting hit with
over the past month a half.
Univ of Arkansas
At 11:49 AM 1/10/2007, dshield.org at keithbergen.com wrote:
>Is this new release with respect to any sort of attack or bug? I noticed
>that the top 2 & 3 ports as reported by dshield users are 2967 & 2968, and
>that those only seem to have started since mid-December. I don't recall
>seeing any discussion around those ports on this list.
>From: list-bounces at lists.dshield.org [mailto:list-bounces at lists.dshield.org]
>On Behalf Of Jeferson.Propheta at dana.com
>Sent: Wednesday, January 10, 2007 7:24 AM
>To: list at lists.dshield.org
>Subject: Re: [Dshield] 2967/TCP (SSC-AGENT) Scans
>New Symantec Release now available, MR for SAV CE 10.1.5.5010 ** strongly
>2967/tcp, is a port used to manage sav clients, 139, 445, 135 used to
>delivery signatures and another features like a reporting server agent,
>quarentine and more,
>5900 vnc port, various vnc version still have unfixed flaws. update
More information about the list