Security Incidents mailing list archives
Connections to Port 5632
From: Doug Winter <dwinter () BUSINESSEUROPE COM>
Date: Fri, 4 Aug 2000 13:41:06 +0100
For the last few days we have seen a large number of connections (7409 at last count) to port 5632 of one of our systems. These have all been dropped by our firewall. All connections have the same source address, and this address has not connected to any other ports. The attempts ran continuously for 48 hours. I've done a bit of digging and port 5632 is a pcAnywhere port, so this looks like someone running pcAnywhere, or an exploit for it, against this system - which is a bit dumb, since it's a UNIX box. This all looks a bit weird to me, which makes me think there might be another explanation. Has anyone got any ideas what else it might be? Cheers, Doug Winter Chief Technology Officer T: +44 (0)20 7961 0341 M: +44 (0)7879 423 002 E: dwinter () businesseurope com 3 Waterhouse Square, Holborn Bars, 142 Holborn, London EC1N 2NX
Current thread:
- Connections to Port 5632 Doug Winter (Aug 04)
- Re: Connections to Port 5632 Valdis Kletnieks (Aug 07)
- Re: Connections to Port 5632 Paul L Schmehl (Aug 07)
- <Possible follow-ups>
- Re: Connections to Port 5632 Doug Winter (Aug 07)
- FW: Connections to Port 5632 Forrester, Mike (Aug 08)
- Re: FW: Connections to Port 5632 Philipp Buehler (Aug 09)
- Re: FW: Connections to Port 5632 GraffiX (Aug 10)
- Re: FW: Connections to Port 5632 Philipp Buehler (Aug 13)
- Re: FW: Connections to Port 5632 GraffiX (Aug 14)
- Re: FW: Connections to Port 5632 Philipp Buehler (Aug 09)