Security Incidents mailing list archives
Re: Scans to port 5864?
From: Fredrik Ostergren <fredrik.ostergren () FREEBOX COM>
Date: Tue, 8 Aug 2000 12:12:16 -0000
Maybe it's just a simple bindshell that someone have binded on a few unknown hosts, that way, portscanning whole class a nets to find them. / Fredrik. I've been seeing a lot of this type of scan occuring lately. nmap's service file does not have port 5864 listed. Any idea what it is? Aug 3 04:30:31 kernel: Packet log: inet-in DENY ppp0 PROTO=6 216.52.6.46:80 116.238.78.50:5864 L=188 S=0x00 I=7266 F=0x4000 T=119 (#19) Aug 3 04:30:43 kernel: Packet log: inet-in DENY ppp0 PROTO=6 216.52.6.46:80 116.238.78.50:5864 L=188 S=0x00 I=26239 F=0x4000 T=119 (#19) Aug 3 04:31:09 kernel: Packet log: inet-in DENY ppp0 PROTO=6 216.52.6.46:80 116.238.78.50:5864 L=188 S=0x00 I=30394 F=0x4000 T=119 (#19) Aug 3 04:32:04 kernel: Packet log: inet-in DENY ppp0 PROTO=6 216.52.6.46:80 116.238.78.50:5864 L=188 S=0x00 I=63273 F=0x4000 T=119 (#19) Aug 3 04:33:03 kernel: Packet log: inet-in DENY ppp0 PROTO=6 216.52.6.46:80 116.238.78.50:5864 L=188 S=0x00 I=9650 F=0x4000 T=119 (#19) # nslookup 216.52.6.46 Server: xxxxxxxxxx Address: 192.168.1.1 Name: flfc06-6l.flycast.com Address: 216.52.6.46
Current thread:
- Scans to port 5864? Mike A. Harris (Aug 03)
- Re: Scans to port 5864? Fredrik Ostergren (Aug 08)