<a href="http://g.adspeed.net/ad.php?do=clk&zid=14678&wd=728&ht=90&pair=as" target="_top"><img style="border:0px;" src="http://g.adspeed.net/ad.php?do=img&zid=14678&wd=728&ht=90&pair=as" alt="i" width="728" height="90"/></a>

Nmap Security Scanner

Docs
Security Lists

Full Disclosure

More
Security Tools

Packet crafters

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

edgeos

Security Incidents: UDP Probes (?) from port 28432 to 28431 ?

UDP Probes (?) from port 28432 to 28431 ?

From: Xander Jansen <Xander.Jansen_at_SURFNET.NL>
Date: Sat, 4 Mar 2000 11:45:28 +0100

Hi,

Has anyone seen UDP subnet-sweeps to port 28431 ? We've received a few
reports the last months about rather persistent and recurring subnet-scans
targetted at this specific port. All the probes are short UDP packets with
source port 28432 and destination port 28431. Typical pattern is also that
within a few seconds a complete subnet (/24 for example) is probed on this
port (and this port only). (I'm sorry to say that we don't have any info
on the contents of these packets yet).

I was wondering if anyone knows about either a valid or malicious
application using these ports (I couldn't find any reference in the usual
portlists) ?

Thanks,

Xander Jansen
CERT-NL/SURFnet
Received on Mar 06 2000

This message: [ Message body ]
Next message: Chuck Phillips: "Re: Cracked; rootkit - entrapment question?"
Previous message: Chris Davis: "Re: CNET Hackers hit e-commerce site"
In reply to: Vincent Lee: "CNET Hackers hit e-commerce site"
Next in thread: Klaus Moeller: "UDP Probes (?) from port 28432 to 28431 ?"
Reply: Klaus Moeller: "UDP Probes (?) from port 28432 to 28431 ?"
Reply: Alexander Schreiber: "Re: UDP Probes (?) from port 28432 to 28431 ?"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]

edgeos