Security Incidents mailing list archives
odd new scan (or attack?) on TCP 14880
From: JB Krewson <jkrewson () QPASS COM>
Date: Fri, 24 Nov 2000 11:58:41 -0800
Is anyone else seeing prolonged, determined probes against TCP port 14880? Any idea what it is? They're usually in bursts of 60-80 attempts in a 1 minute period, against all of the addresses in a subnet. They just started in the last 24 hours, and have popped up off and on all day. The source IPs do not appear to be spoofed (or they're consistantly spoofed), in that they are coming from a dial-in connection to the same couple of ISPs each time. So, I'm thinking the purpose is more likely to be intrusion that information gathering or DOS. They aren't getting anywhere (or likely to), but if it's part of a broader attack, I'd like to look into it. I can't find 14880 associated with any common Trojans, and it has no mentions in CVE or XForce. Any hints on where to look would be appreciated. J.B. Krewson Qpass Operations
Current thread:
- odd new scan (or attack?) on TCP 14880 JB Krewson (Nov 28)