Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Security Incidents: Re: Port Scan on 371...

Re: Port Scan on 371...

From: Fisher, Lee <Lee_Fisher_at_NAI.COM>
Date: Sun, 2 Jan 2000 13:00:55 -0800

Well, port 371 is used by Backweb. There is a proxy for
many firewalls for the port ( UDP )

Backweb servers 'push' subscribed content to the subscriber
in that manner you are describing.

Obviously, I cannot comment for the IP address you are
receiving the scans from.

Lee

-----Original Message-----
From: M. Edward Wilborne III [mailto:wilborne_at_GAMEWOOD.NET]
Sent: 02 January 2000 15:10
To: INCIDENTS_at_SECURITYFOCUS.COM
Subject: Port Scan on 371...

Hello All,

I'm seeing port scans on our network for port 371:

Which I found port info at:

http://www.con.wesleyan.edu/~triemer/network/docservs.html

clearcase 371/tcp Clearcase
clearcase 371/udp Clearcase

However, I'm not sure what Clearcase is. Can anyone help with that?

The scan is coming from: 206.251.4.210

Which Visual Traceroute shows as going to the domain: glbx.net

After configuring my web browser to not trust the site, it is running a web
server, this data comes back from it:

You are accessing a BackWeb channel (it is not a normal Web site).

To learn about BackWeb, click here.

ARIN lists the network as belonging to Global Crossing.

Ed
Received on Jan 02 2000

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
edgeos