|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Scan of TCP 552-554
From: Bill McCarty (bmccarty
pt-net.net)
Date: Thu Jul 24 2003 - 02:08:21 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Hi all,
A scan of TCP 552-554 just passed through my class C network. The scanner
expressed some interest in one host listening on TCP 554 and so is pretty
clearly looking for RTSP servers. As it happens, the responding server is a
honeypot running Windows 2003. The scanner didn't seem to send an attack;
apparently, it was merely a probe.
What might it be looking for on TCP 552-553 and, more particularly, why
might a scanner interested in RTSP also scan those ports? The ports are
registered for use by deviceshare and PIRP (Public Information Retrieval
Protocol). But, I don't suspect that the scanner is interested in those
services, since they don't seem to be associated with RTSP. Could the
scanner simply be comparing the response for port 554 with those for the
other ports, in order to assess possible firewall rules?
Thanks for your thoughts!
---------------------------------------------------
Bill McCarty
---------------------------------------------------------------------------
----------------------------------------------------------------------------
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]