Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Security Incidents mailing list archives

Port 2492
From: "Bobby, Paul" <paul.bobby () lmco com>
Date: Mon, 08 Mar 2004 15:10:54 -0500
Had a user log in from home and start SYN sweeping on port 2492 to various addresses, 10.10.x.x,10.11.x.x, 192.x.x.x, 
137.x.x.x and so forth.

The port is close to bagle, but I don't think it is that. The only port reference I could find was the Groove 
collaboration software. I haven't spoken with the user yet, but the target addresses (about 40 of them) don't look 
'groove'like.


Paul Bobby
Network Security Investigations and Forensics
Got Root?


---------------------------------------------------------------------------
Free 30-day trial: firewall with virus/spam protection, URL filtering, VPN,
wireless security

Protect your network against hackers, viruses, spam and other risks with Astaro
Security Linux, the comprehensive security solution that combines six
applications in one software solution for ease of use and lower total cost of
ownership.

Download your free trial at 
http://www.securityfocus.com/sponsor/Astaro_incidents_040301
----------------------------------------------------------------------------

  By Date           By Thread  

Current thread:
  • Port 2492 Bobby, Paul (Mar 08)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]