Firewall Wizards mailing list archives

RE: UDP 22 & 5632

From: "Dave Stone" <dave () csecnet com>
Date: Mon, 10 Apr 2000 15:23:10 -0700

Try looking for PC-anywhere.  I found this same pattern in a client's site.
Probably being used for remote admin of the NT server.

Dave Stone
Principle
CornerStone Secure Networks
143 Livermore Way
Folsom, CA  95630
www.csecnet.com



-----Original Message-----
From: owner-firewall-wizards () lists nfr net
[mailto:owner-firewall-wizards () lists nfr net]On Behalf Of Aaron Turner
Sent: Wednesday, April 05, 2000 4:53 PM
To: firewall-wizards () nfr net
Subject: [fw-wiz] UDP 22 & 5632



I'm seeing a reoccuring pattern where a system will sequentially scan a
network over and over and over (sometimes for hours) trying to connect to
UDP 22 & 5632.  The source port is pretty static, always near (but higher
than) 1024.

Anyone with an idea of what this is?  It seems to be running on a Windows
(most likely NT since the IP is in a co-lo) system.

--
Aaron Turner        aturner () vicinity com  650.237.0300 x252
Security Engineer                         Vicinity Corp.
Cell: 408-314-9874                        http://www.vicinity.com

Attachment: Dave Stone (E-mail).vcf
Description:

Current thread:

UDP 22 & 5632 Aaron Turner (Apr 10)
- Re: UDP 22 & 5632 Anthony DeBoer (Apr 11)
- Re: UDP 22 & 5632 Mike Barkett (Apr 11)
- Re: UDP 22 & 5632 John Hall (Apr 11)
- Re: UDP 22 & 5632 spiff (Apr 11)
- RE: UDP 22 & 5632 Dave Stone (Apr 11)
- <Possible follow-ups>
- Re: UDP 22 & 5632 kos (Apr 13)