Synscan on port 2223

["Fernando Cardoso" <fernando.cardoso () whatevernet com>]

Hi

I've just noticed in my logs a scan from someone in Colombia to port 2223.
It was clearly made with synscan (source port=destination port, ID=39426 and
Window=404). What makes me think is the purpose of it. What (s)he's looking
for? According to my port database it could be:

- Rockwell CSP3
- Allen-Bradley unregistered port
- Beowulf Manager
- Phonax DNS Loadsharing Failover-server

Am I missing some new e133t stuff??

Fernando

--
Fernando Cardoso - Security Consultant       WhatEverNet Computing, S.A.
Phone : +351 21 7994200                      Praca de Alvalade, 6 - Piso 6
Fax   : +351 21 7994242                      1700-036 Lisboa - Portugal
email : fernando.cardoso () whatevernet com     http://www.whatevernet.com/



_____________________________________________________________________
                      INTERNET MAIL FOOTER 
A presente mensagem pode conter informação considerada confidencial.
Se o receptor desta mensagem não for o destinatário indicado, fica
expressamente proibido de copiar ou endereçar a mensagem a terceiros.
Em tal situação, o receptor deverá destruir a presente mensagem e por
gentileza informar o emissor de tal facto.
---------------------------------------------------------------------
Privileged or confidential information may be contained in this
message. If you are not the addressee indicated in this message, you
may not copy or deliver this message to anyone. In such case, you
should destroy this message and kindly notify the sender by reply
email.
---------------------------------------------------------------------



----------------------------------------------------------------------------


This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see:

http://aris.securityfocus.com