[Dshield] 2967/TCP (SSC-AGENT) Scans

Scott Fendley scottf at uark.edu
Wed Jan 10 18:19:47 GMT 2007

Judging by the release documentation, No.   All of the Fix IDs I see 
listed related to PP1 and MP1 appear to be more stability and other 
similar program updates rather then a remote security glitch.

The activity on the 2 ports in question is related to problems 
reported last May.

There was discussion at the ISC (and I thought this list in 
November/December) about port 2967/tcp

Port 2968/tcp is the Symantec AV Corporate Edition for Netware 
management port and it is presumed that they are hitting the same 
vulnerability that the windows clients have been getting hit with 
over the past month a half.

Scott Fendley
Univ of Arkansas

At 11:49 AM 1/10/2007, dshield.org at keithbergen.com wrote:
>Is this new release with respect to any sort of attack or bug? I noticed
>that the top 2 & 3 ports as reported by dshield users are 2967 & 2968, and
>that those only seem to have started since mid-December. I don't recall
>seeing any discussion around those ports on this list.
>-----Original Message-----
>From: list-bounces at lists.dshield.org [mailto:list-bounces at lists.dshield.org]
>On Behalf Of Jeferson.Propheta at dana.com
>Sent: Wednesday, January 10, 2007 7:24 AM
>To: list at lists.dshield.org
>Subject: Re: [Dshield] 2967/TCP (SSC-AGENT) Scans
>New Symantec Release now available, MR for SAV CE ** strongly
>recommended **
>2967/tcp, is a port used to manage sav clients, 139, 445, 135 used to
>delivery signatures and another features like a reporting server agent,
>quarentine and more,
>5900 vnc port, various vnc version still have unfixed flaws. update
>available: ultravnc.sourceforge.net
>best regards
>jeferson propheta

More information about the list mailing list