|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Subject: UDP Probes (?) from port 28432 to 28431 ?
From: Xander Jansen (Xander.Jansen
SURFNET.NL)Date: Sat Mar 04 2000 - 04:45:28 CST
- Next message: Chuck Phillips: "Re: Cracked; rootkit - entrapment question?"
- Previous message: Chris Davis: "Re: CNET Hackers hit e-commerce site"
- Next in thread: Klaus Moeller: "UDP Probes (?) from port 28432 to 28431 ?"
- Reply: Klaus Moeller: "UDP Probes (?) from port 28432 to 28431 ?"
- Reply: Alexander Schreiber: "Re: UDP Probes (?) from port 28432 to 28431 ?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Hi,
Has anyone seen UDP subnet-sweeps to port 28431 ? We've received a few
reports the last months about rather persistent and recurring subnet-scans
targetted at this specific port. All the probes are short UDP packets with
source port 28432 and destination port 28431. Typical pattern is also that
within a few seconds a complete subnet (/24 for example) is probed on this
port (and this port only). (I'm sorry to say that we don't have any info
on the contents of these packets yet).
I was wondering if anyone knows about either a valid or malicious
application using these ports (I couldn't find any reference in the usual
portlists) ?
Thanks,
Xander Jansen
CERT-NL/SURFnet
- Next message: Chuck Phillips: "Re: Cracked; rootkit - entrapment question?"
- Previous message: Chris Davis: "Re: CNET Hackers hit e-commerce site"
- Next in thread: Klaus Moeller: "UDP Probes (?) from port 28432 to 28431 ?"
- Reply: Klaus Moeller: "UDP Probes (?) from port 28432 to 28431 ?"
- Reply: Alexander Schreiber: "Re: UDP Probes (?) from port 28432 to 28431 ?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]