Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Security Incidents mailing list archives

Re: Port 17889 - new attack?
From: "Christian Sarmoria" <cgsarmor () ecs syr edu>
Date: Tue, 9 Oct 2001 12:07:05 -0400
Could be Netlet, on its default configuration, since Netlet server listens
on ports 9877 and 9878, and connects to ports 17888 and 17889 on the
intranet server 'intra-serv', respectively.

Although it could be something else out there connecting to your machine on
port 17889, you can take a look at Netlet (iPlanet Portal Server too) at:
http://docs.iplanet.com/docs/manuals/portal/30/ag/netlet.htm
It's quite long, but do a 'find' for '17889' in the loaded web page to go to
the relevant part of the document.
Good luck.

Christian.



----- Original Message -----
From: "James Willmore" <jwillmore () cyberia com>
To: <focus-virus () securityfocus com>; <incidents () securityfocus com>;
<SECURITY-BASICS () securityfocus com>
Sent: Tuesday, October 09, 2001 1:51 AM
Subject: Port 17889 - new attack?



This is an email sent to me by SWATCH.  I've gotton quite a few of these

packets from various sources.  What is this??  Although I have dropped the
packet, I wonder what this is.


Any ideas, thoughts, answers are welcomed.

Thanks.

Begin forwarded message:

Date: Tue, 9 Oct 2001 01:34:22 -0400
From: root <root () xxxx>
To: root () xxxx
Subject: 'SWATCH - Droped packet'


Oct  9 01:34:15 xxxx kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC=

SRC=172.180.19.4 DST=x.x.x.x LEN=48 TOS=0x00 PREC=0x00 TTL=115 ID=63493 DF
PROTO=TCP SPT=21027 DPT=17889 WINDOW=8192 RES=0x00 SYN URGP=0



--
Jim Willmore
jwillmore () cyberia com

--------------------------------------------------------------------------

--

This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com



----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]