[unisog] What would cause an alert like this?

Vijay S Sarvepalli VSSARVEP VSSARVEP at uncg.edu
Wed Feb 16 19:21:26 GMT 2005


Most likely Unreal Tournament.

But there is also a (UDP broadcast based) metasploit exploit for unreal 
game service on port 7787 service.

Vijay





Clyde Hoadley <hoadleyc at mscd.edu> 
Sent by: unisog-bounces at lists.sans.org
02/16/2005 12:50 PM
Please respond to
hoadleyc at mscd.edu; Please respond to
UNIversity Security Operations Group <unisog at lists.sans.org>


To
unisog at lists.sans.org
cc

Subject
[unisog] What would cause an alert like this?






What would cause this?  The "nnn.nnn.xxx.153" is a Windows XP
computer.  The desktop support technician reported that he didn't
find anything wrong with the workstation.  He did say it had a
game called "America's Army" installed.  Would that have caused
this?  I've only seen this alert once.

 >02/14/2005 09:20:04.128 -              Probable Port Scan -
 >Source:nnn.nnn.xxx.153, 1480, WAN - Destination:255.255.255.255,
 >7787, LAN -            UDP scanned port list, 8777, 7778, 7779, 7780, 
7781,
 >7782, 7783, 7784, 7785, 7786 - 

-- 
Clyde Hoadley
Metropolitan State College of Denver
<hoadleyc at mscd.edu> TEXT Email only please - no HTML!

_______________________________________________
unisog mailing list
unisog at lists.sans.org
http://www.dshield.org/mailman/listinfo/unisog

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.dshield.org/pipermail/unisog/attachments/20050216/58730cf8/attachment-0001.htm


More information about the unisog mailing list