Ports 1800, 1945

[jfesler () GIGO COM (Jason Fesler)]

I'm seeing more and more probes for ports 1800 and 1945, with many such
probes being sourced from well known commonly open port numbesr (ie, 23,
6667).  These probes are now easily outnumbering even the imap probes.
Today alone I've seen a large number of probes from at least 4 unique IP
addresses.  Anyone have any leads on what they are looking for?  I could
not find anything in bugtraq, rootshell, etc.

(IP addresses changed to protect the identities of the recipient)

Subject: fw1 (Gauntlet 4.0) frequent check output

Security Alerts
---------------
Dec 20 17:35:44 fw1.________.com unix: securityalert: no match found in
forward screen: TCP if=le0 srcaddr=__.(uunet dialup).__ srcport=6667
dstaddr=__.__.__.__ dstport=1945
Dec 20 17:40:04 fw1.________.com unix: securityalert: no match found in
forward screen: TCP if=le0 srcaddr=__.(uunet dialup).__ srcport=6667
dstaddr=__.__.__.__ dstport=1800



Jason Fesler  <jfesler () gigo com>  |".. and ten thousand noblemen squatted and
Good, Fast, Cheap -               | strained, for the King's word, was law."
  Pick any two.                   |        - SCA Folklore