[unisog] Odd scan - ports 57 and 80

Anderson Johnston andy at umbc.edu
Thu Sep 19 16:40:58 GMT 2002


Maybe the question is whether anyone has ever seen port 57 used for
anything at all.  The RFC may never have been implemented.   If IANA says
private access, then maybe there is some remote access/admin software that
this scan it trying specifically to find.

On Wed, 18 Sep 2002, Tom Perrine wrote:

> Port 57 (TCP or UDP) is *NOT* Mail Transport Service, AFAICT.  See
>
> http://www.iana.org/assignments/port-numbers
>
> which calls it "any private terminal access".
>
> As for what its being used for, perhaps as an OS fingerprint before
> launching the actual attack?
>
> --
> Tom E. Perrine <tep at SDSC.EDU> | San Diego Supercomputer Center
> http://www.sdsc.edu/~tep/     |
>

------------------------------------------------------------------------------
** Andy Johnston (andy at umbc.edu)          *            pager: 410-678-8949  **
** Manager of IT Security                 * PGP key:(afj2002) 4096/8448B056 **
** Office of Information Technology, UMBC *   4A B4 96 64 D9 B6 EF E3 21 9A **
** 410-455-2583 (v)/410-455-1065 (f)      *   46 1A 37 11 F5 6C 84 48 B0 56 **
------------------------------------------------------------------------------



More information about the unisog mailing list