Firewall Wizards mailing list archives
RE: UDP 22 & 5632
From: "Dave Stone" <dave () csecnet com>
Date: Mon, 10 Apr 2000 15:23:10 -0700
Try looking for PC-anywhere. I found this same pattern in a client's site. Probably being used for remote admin of the NT server. Dave Stone Principle CornerStone Secure Networks 143 Livermore Way Folsom, CA 95630 www.csecnet.com -----Original Message----- From: owner-firewall-wizards () lists nfr net [mailto:owner-firewall-wizards () lists nfr net]On Behalf Of Aaron Turner Sent: Wednesday, April 05, 2000 4:53 PM To: firewall-wizards () nfr net Subject: [fw-wiz] UDP 22 & 5632 I'm seeing a reoccuring pattern where a system will sequentially scan a network over and over and over (sometimes for hours) trying to connect to UDP 22 & 5632. The source port is pretty static, always near (but higher than) 1024. Anyone with an idea of what this is? It seems to be running on a Windows (most likely NT since the IP is in a co-lo) system. -- Aaron Turner aturner () vicinity com 650.237.0300 x252 Security Engineer Vicinity Corp. Cell: 408-314-9874 http://www.vicinity.com
Attachment:
Dave Stone (E-mail).vcf
Description:
Current thread:
- UDP 22 & 5632 Aaron Turner (Apr 10)
- Re: UDP 22 & 5632 Anthony DeBoer (Apr 11)
- Re: UDP 22 & 5632 Mike Barkett (Apr 11)
- Re: UDP 22 & 5632 John Hall (Apr 11)
- Re: UDP 22 & 5632 spiff (Apr 11)
- RE: UDP 22 & 5632 Dave Stone (Apr 11)
- <Possible follow-ups>
- Re: UDP 22 & 5632 kos (Apr 13)