Security Incidents mailing list archives

RE: Port 3889 Traffic
From: Meidinger Chris <chris.meidinger () badenit de>
Date: Mon, 10 May 2004 17:31:28 +0200

Actually, MS Terminal Services runs on port 3389.

I can't think of anything that would use 3889 either.

Notice that on the DShield port report, there are many sources and few
targets.
http://www.dshield.org//port_report.php?port=3889&recax=1&tarax=2&srcax=2&percent=N&days=40&Redraw=

Sounds like concentrated scanning. Do you correlate your logs with DShield?
It might be a good idea, to get an idea of what you are seeing compared to
the rest of the internet.

Cheers,

Chris Meidinger

-----Original Message-----
From: kang [mailto:kang () insecure ws] 
Sent: Monday, May 10, 2004 4:59 PM
To: incidents () securityfocus com
Subject: Re: Port 3889 Traffic

Eric Ceradsky wrote:
> I've been seeing a lot of port 3889 traffic externally lately but
> haven't been able to dig up any known issues with that port. Used to
> be one address and overnight tis quickly spawned to several. Brazil,
> US, UK, etc. Anyone have any ideas?

That's Terminal Server, or Remote Desktop, on Windows.
A utility to take a visual remote control of a computer.

