|
Security Incidents
mailing list archives
Re: scans on port 57
From: John Jørgensen <john () safe2day dk>
Date: Wed, 13 Nov 2002 11:01:30 +0100
Nothing really.
Hava a look at Internet storm center, where Johannes Ulrich is explaining the phenomena.
It's a scanning-tool, trying to connect due to the fact that this port normally is not used for anything.
Check out:
http://isc.incidents.org/show_comment.html?id=28
It is a mere TCP/IP fingerprinting.
John Joergensen
Safe2day.dk
----- Original Message -----
From: Ingersoll, Jared <jared () cswv com>
To: <incidents () securityfocus com>
Sent: Tuesday, November 12, 2002 2:00 PM
Subject: scans on port 57
I'm seeing a lot of blocked scans on port 57 in my firewall logs, many times
in conjunction with a port 80 or port 21 scan. I was working under the
assumption that these were related to a misconfigured port scanner, but I'm
seeing them from a pretty diverse set of source addresses, so now I'm
curious what they're looking for.
jared
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
 By Date 
By Thread
Current thread:
- scans on port 57 Ingersoll, Jared (Nov 13)
- Re: scans on port 57 John Jørgensen (Nov 13)
|
Intro
