


Security Incidents: UDP Probes (?) from port 28432 to 28431 ?

From: Klaus Moeller <moeller_at_CERT.DFN.DE>
Date: Tue, 7 Mar 2000 17:17:36 +0100

Xander Jansen writes:

> Has anyone seen UDP subnet-sweeps to port 28431 ? We've received a few
> reports the last months about rather persistent and recurring subnet-scans
> targeted at this specific port. All the probes are short UDP packets with
> source port 28432 and destination port 28431. Typical pattern is also that
> within a few seconds a complete subnet (/24 for example) is probed on this
> port (and this port only). (I'm sorry to say that we don't have any info
> on the contents of these packets yet).
>
> I was wondering if anyone knows about either a valid or malicious
> application using these ports (I couldn't find any reference in the usual
> portlists) ?

The pattern reminds me of the HACK'A'TACK scans (UDP 33790 -> 33789).
Perhaps somebody has changed the configs?

We haven't seen scans like that so far.

        Klaus Moeller

--
Klaus Moeller | mailto:moeller_at_cert.dfn.de
DFN-CERT GmbH |
Vogt-Koelln-Str. 30 | Phone: +49(40)42883-2262
D-22527 Hamburg | FAX: +49(40)42883-2241
Germany | PGP-Key: finger moeller_at_ftp.cert.dfn.de

Received on Mar 07 2000
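
The sweep pattern described in this thread (one source, a fixed UDP source/destination port pair, a whole /24 probed within seconds) can be detected in flow or firewall logs. The following is an added example, not part of the original messages; the log line format, the function names and the `window`/`min_hosts` thresholds are assumptions, and the sample records are constructed.

```python
import ipaddress
from collections import defaultdict

# (source port, destination port) pairs named in the thread.
SWEEP_PORT_PAIRS = {(28432, 28431), (33790, 33789)}

def parse(line):
    """Parse 'epoch proto src:sport dst:dport' (constructed log format)."""
    ts, proto, src, dst = line.split()
    sip, sport = src.rsplit(":", 1)
    dip, dport = dst.rsplit(":", 1)
    return float(ts), proto.lower(), sip, int(sport), dip, int(dport)

def find_sweeps(lines, window=10.0, min_hosts=32):
    """Map (source, /24, sport, dport) to the peak distinct-host count.
    Flags a source that sends UDP with a listed port pair to at least
    min_hosts addresses of one /24 within `window` seconds. Both
    thresholds are assumptions to tune, not values from the thread."""
    events = defaultdict(list)
    for line in lines:
        ts, proto, sip, sport, dip, dport = parse(line)
        if proto != "udp" or (sport, dport) not in SWEEP_PORT_PAIRS:
            continue
        net = ipaddress.ip_network(f"{dip}/24", strict=False)
        events[(sip, str(net), sport, dport)].append((ts, dip))
    hits = {}
    for key, evs in events.items():
        evs.sort()
        start, best, counts = 0, 0, defaultdict(int)
        for ts, dip in evs:  # sliding time window over sorted events
            counts[dip] += 1
            while ts - evs[start][0] > window:
                old = evs[start][1]
                counts[old] -= 1
                if counts[old] == 0:
                    del counts[old]
                start += 1
            best = max(best, len(counts))
        if best >= min_hosts:
            hits[key] = best
    return hits

# Constructed sample: 203.0.113.7 sweeps 192.0.2.0/24 in about 2.5 s, plus noise.
SAMPLE = [f"{1000 + i * 0.01:.2f} udp 203.0.113.7:28432 192.0.2.{i}:28431"
          for i in range(1, 255)]
SAMPLE += ["1001.00 udp 198.51.100.9:53 192.0.2.10:28431",
           "1002.00 udp 198.51.100.5:28432 192.0.2.11:28431"]

if __name__ == "__main__": print(find_sweeps(SAMPLE))
```

Keying on the port pair as well as the source keeps ordinary UDP traffic to the same subnet out of the count; a single stray packet with the matching ports stays below `min_hosts`.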
