Security Incidents mailing list archives
RE: tcp/554 scans
From: "Manuel Fernandes" <manuelf () hotmail com>
Date: Wed, 14 May 2003 18:39:38 -0700
My thoughts: something interesting I found was that Microsoft's Media Server 9 supposedly runs on Cougar/9.00.00.3352 --- not confirmed yet. However, that server had some old vulnerabilities which might still be accessible. Perhaps users are trying to use RTSP to create havoc or snoop around if you have some kind of streaming going on. Off topic: I did a port 80 walk and found out some old stuff http://x.x.x.x/%3CSCRIPT%3Ealert%28document%3EURL%29%3C/SCRIPT%3E/ http://x.x.x.x/.ns4/../winnt/win.ini http://x.x.x.x/.HTACCESS. --> Manuel -----Original Message----- From: Maciej Bogucki [mailto:maciej.bogucki () artegence com] Sent: Wednesday, May 14, 2003 4:57 AM To: Aaron Cheek; incidents () securityfocus com
I received a sequential tcp/554 scan of one of my Class Cs.
Me too.
AFAIK tcp/554 is rtsp (Real Time Streaming Protocol). Any known vulns in rtsp? Any other known guys sleeping on that port? Anyone seeing this?
See: http://www.securityfocus.org/bid/7020 http://www.hack.co.za/download.php?file=586 Best Regards Maciej Bogucki ---------------------------------------------------------------------------- *** Wireless LAN Policies for Security & Management - NEW White Paper *** Just like wired networks, wireless LANs require network security policies that are enforced to protect WLANs from known vulnerabilities and threats. Learn to design, implement and enforce WLAN security policies to lockdown enterprise WLANs. To get your FREE white paper visit us at: http://www.securityfocus.com/AirDefense-incidents ---------------------------------------------------------------------------- ---------------------------------------------------------------------------- *** Wireless LAN Policies for Security & Management - NEW White Paper *** Just like wired networks, wireless LANs require network security policies that are enforced to protect WLANs from known vulnerabilities and threats. Learn to design, implement and enforce WLAN security policies to lockdown enterprise WLANs. To get your FREE white paper visit us at: http://www.securityfocus.com/AirDefense-incidents ----------------------------------------------------------------------------
Current thread:
- tcp/554 scans Aaron Cheek (May 13)
- Re: tcp/554 scans Maciej Bogucki (May 14)
- RE: tcp/554 scans Manuel Fernandes (May 15)
- UDP/137 scans -- new worm? David Gillett (May 14)
- Re: UDP/137 scans -- new worm? Andrew Simmons (May 15)
- <Possible follow-ups>
- Re: tcp/554 scans Kevin Patz (May 14)
- RE: tcp/554 scans wjnorth (May 16)
- Re: tcp/554 scans Maciej Bogucki (May 14)