Large increase in TCP/554 (rtsp) scans

[Ben Nelson <lists () venom600 org>]

In the last two days I have seen a large increase in scans destined for 
port 554, which is traditionally the rtsp (Real Time Streaming Protocol) 
port.  These scans are coming from a large number of different hosts 
from many different ISP's.  These scans have hit two different class C 
IP blocks of mine that are geographically dispersed and owned by two 
different service providers.

I haven't seen any recent exploits for any streaming media products.  Or 
are any other known back doors configured to listen on this port?  I 
don't have any servers running any of these services any way, so it 
seems like blind scanning.

Has anyone else seen a similar increase?  Or does anyone know if a new 
DDOS for any of the streaming media servers has popped up?

Thanks,
--Ben


---------------------------------------------------------------------------
Network with over 10,000 of the brightest minds in information security
at the largest, most highly-anticipated industry event of the year.
Don't miss RSA Conference 2004! Choose from over 200 class sessions and
see demos from more than 250 industry vendors. If your job touches
security, you need to be here. Learn more or register at
http://www.securityfocus.com/sponsor/RSA_incidents_031023
and use priority code SF4.
----------------------------------------------------------------------------