Firewall Wizards mailing list archives
Re: UDP 22 & 5632
From: spiff <spiff () bway net>
Date: Tue, 11 Apr 2000 00:06:12 -0400 (EDT)
port 22 is ssh port 5632 is PCAnywhere if it's not a scan, most likely it is a misconfiguration. if it is a scan in preparation for an attack, a likely scenario based on that pattern is to break-in using pc-anyone and give myself a login and then use ssh to have an encrypted session for further hi-jinx. I'd blackhole them. then mail their admin. tell him to fix it asap. On Wed, 5 Apr 2000, Aaron Turner wrote:
I'm seeing a reoccuring pattern where a system will sequentially scan a network over and over and over (sometimes for hours) trying to connect to UDP 22 & 5632. The source port is pretty static, always near (but higher than) 1024. Anyone with an idea of what this is? It seems to be running on a Windows (most likely NT since the IP is in a co-lo) system. -- Aaron Turner aturner () vicinity com 650.237.0300 x252 Security Engineer Vicinity Corp. Cell: 408-314-9874 http://www.vicinity.com
Current thread:
- UDP 22 & 5632 Aaron Turner (Apr 10)
- Re: UDP 22 & 5632 Anthony DeBoer (Apr 11)
- Re: UDP 22 & 5632 Mike Barkett (Apr 11)
- Re: UDP 22 & 5632 John Hall (Apr 11)
- Re: UDP 22 & 5632 spiff (Apr 11)
- RE: UDP 22 & 5632 Dave Stone (Apr 11)
- <Possible follow-ups>
- Re: UDP 22 & 5632 kos (Apr 13)