Re: scan log

[paul.rogers () MIS-CDS COM (Paul Rogers)]

Hi,

TCP port 2638 is the default port for Sybase's Adaptive Server Anywhere
version 6.x Database Server software. I think you'll find that the scanner
was looking for an active Sybase database server on your system.

HTH,

Paul Rogers,
Network Security Analyst.

MIS Corporate Defence Solutions Limited

Tel:            +44 (0)1622 723422 (Direct Line)
                +44 (0)1622 723400 (Switchboard)
Fax:            +44 (0)1622 728580
Website:        http://www.mis-cds.com/

-----Original Message-----
From: Max Gribov [mailto:mgribov () KPLAB COM]
Sent: Monday, June 12, 2000 4:31 AM
To: INCIDENTS () SECURITYFOCUS COM
Subject: scan log

this are logs of a port scan i have recently recieved on one of my
machines. i searched for those ports in all known port databases to me,
but couldnt find anything. why would someone scan that specific range
(observe the precise inrementation) of ports on a linux machine?

Jun 11 22:20:21 mordor scanlogd: From 209.3.31.70:20 to 151.202.106.23
ports 2632, 2633, 2634, 2635, 2636, 2637, 2638, 2639, 2640, ..., flags
??r??u, TOS 00, TTL 60, started at 22:20:13


--
Max Gribov
System Administrator

Knowledge Propulsion Laboratories
www.kplab.com

**********************************************************************
The information contained in this message or any of its attachments may be privileged and confidential and intended for 
the exclusive use of the addressee. If you are not the addressee any disclosure, reproduction, distribution or other 
dissemination or use of this communications is strictly prohibited.

The views expressed in this e-mail are those of the individual and not necessarily of MIS Corporate Defense Solutions 
Ltd. Any prices quoted are only valid if followed up by a formal written quote.

If you have received this transmission in error, please contact our Security Manager on 44 (0) 1622 723400.
**********************************************************************