Home page logo
/

nanog logo nanog mailing list archives

Re: port 554 scans?
From: Joel Jaeggli <joelja () darkwing uoregon edu>
Date: Fri, 29 Aug 2003 09:13:46 -0700 (PDT)


554 is a port associated with rtsp... 

There is a real helix server vulnerability that may be associated with 
those probes...

http://www.securityfocus.com/archive/75/334900/2003-08-19/2003-08-25/0

yeah:

http://www.k-otik.com/exploits/08.25.THCREALbad.c.php

int main(int argc, char *argv[])
{ 
unsigned short realport=554;
unsigned int sock,addr,os,rc;
unsigned char *finalbuffer,*osbuf;
struct sockaddr_in mytcp;
struct hostent * hp;
WSADATA wsaData;

joelja

On Fri, 29 Aug 2003, Stephen J. Wilcox wrote:



Anyone know what the source of the recent increase in scans of port 554 are?

http://isc.incidents.org/port_details.html?port=554

I cant find any related virus/worms using this?

Maybe its nothing, just some abuse complaints we got from port 554 scanning...

Steve


-- 
-------------------------------------------------------------------------- 
Joel Jaeggli           Unix Consulting         joelja () darkwing uoregon edu    
GPG Key Fingerprint:     5C6E 0104 BAF0 40B0 5BD3 C38B F000 35AB B67F 56B2



  By Date           By Thread  

Current thread:
  • port 554 scans? Stephen J. Wilcox (Aug 29)
    • Re: port 554 scans? Joel Jaeggli (Aug 29)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]