Full Disclosure mailing list archives

Re: Anyone else exoeriencing blasts o' port 6129 TCP?

From: "Rob Schrack" <rob_schrack () urmc rochester edu>
Date: Sat, 3 Jan 2004 18:04:27 -0500

Oh yeah... just after Christmas, 6129 accounted for maybe 25% of the packets
we submitted to dshield.  In the past 5 days, they've accounted for nearly
1/2 of two million plus packets.

I've been wonderin' if anyone else had been seeing it....

----- Original Message ----- 
From: "Jim Race" <caferace () well com>
To: "LC" <full-disclosure () lists netsys com>
Sent: Saturday, January 03, 2004 12:37 PM
Subject: [Full-disclosure] Anyone else exoeriencing blasts o' port 6129 TCP?

I noticed some action the previous 48 hours, and on checking logs this
morning it seems that port 6129 (DameWare Remote Admin) was the common
factor. ISC seems to have it on the top of their trends list:

http://isc.sans.org/top10.html

hmmmm.

-jim

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

Anyone else exoeriencing blasts o' port 6129 TCP? Jim Race (Jan 03)
- Re: Anyone else exoeriencing blasts o' port 6129 TCP? Gregory A. Gilliss (Jan 03)
  - Re: Anyone else exoeriencing blasts o' port 6129 TCP? Klaus Lichtenwalder (Jan 03)
- Re: Anyone else exoeriencing blasts o' port 6129 TCP? Rob Schrack (Jan 03)
  - Re: Anyone else exoeriencing blasts o' port 6129 TCP? Jim Race (Jan 03)
    - Re: Anyone else exoeriencing blasts o' port 6129 TCP? KF (Jan 03)
    - Re: Anyone else exoeriencing blasts o' port 6129 TCP? Rob Schrack (Jan 04)
- Re: Anyone else exoeriencing blasts o' port 6129 TCP? Jeff Kell (Jan 03)