|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
RE: Port 3889 Traffic
From: Meidinger Chris (chris.meidinger
badenit.de)
Date: Mon May 10 2004 - 10:31:28 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Actually, ms terminal services runs on port 3389.
I can't think of anything that would use 3889 either.
notice that on the dshield port report, there are many sources and few
targets.
http://www.dshield.org//port_report.php?port=3889&recax=1&tarax=2&srcax=2&pe
rcent=N&days=40&Redraw=
sounds like concentrated scanning. do you correlate your logs with dshield?
It might be a good idea, to get an idea of what you are seeing compared to
the rest of the internet.
Cheers,
Chris Meidinger
> -----Original Message-----
> From: kang [mailto:kanginsecure.ws]
> Sent: Monday, May 10, 2004 4:59 PM
> To: incidentssecurityfocus.com
> Subject: Re: Port 3889 Traffic
>
> Eric Ceradsky wrote:
> > I've been seeing a lot of port 3889 traffic externally lately but
> > haven't been able to dig up any known issues with that
> port.. Used to
> > be one address and overnight tis quickly spawned to
> several. Brazil,
> > US, UK, etc. Anyone have any ideas?
>
> that's Terminal Server, or Remote Desktop, on Windows.
> An utility to take a visual remote control of a computer.
>
>
> --------------------------------------------------------------
> -------------
> --------------------------------------------------------------
> --------------
>
---------------------------------------------------------------------------
----------------------------------------------------------------------------
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]