OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
RE: Port 554 - Quicktime scans, what's up

From: James C. Slora, Jr. (Jim.Sloraphra.com)
Date: Fri Aug 29 2003 - 12:00:53 CDT


Mike Shelby wrote Friday, August 29, 2003 6:33 AM
> Is anyone seeing scans on port 554 for Quicktime streaming
> and/or does anyone know if there is a Qtime streaming
> vulnerability being probed? Here is an example scan:
>
> UTC 2003/08/29 00:59:02.368 - TCP connection dropped
> - Source:4.47.216.107, 1905, WAN -
> Destination:192.168.168.200, 554, LAN - 'Quicktime' - Rule 16

These probes appear to be everywhere. I am getting them too. From what
I'm told, they are root exploits on RealServer (all versions). See Brian
Collins' post "compromised Real Server 8".

---------------------------------------------------------------------------
Attend Black Hat Briefings & Training Federal, September 29-30 (Training),
October 1-2 (Briefings) in Tysons Corner, VA; the world's premier
technical IT security event. Modeled after the famous Black Hat event in
Las Vegas! 6 tracks, 12 training sessions, top speakers and sponsors.
Symantec is the Diamond sponsor. Early-bird registration ends September 6.Visit us: www.blackhat.com
----------------------------------------------------------------------------