Security Incidents mailing list archives

Re: Port 6112

From: bugtraq () NETWORKICE COM (Robert Graham)
Date: Mon, 20 Mar 2000 15:09:48 -0800


The game Diablo running on BattleNet servers will use this port.
http://www.battle.net/support/faq/mac.shtml

Are you seeing such things as "scans" or just a bunch of connection
attempts? Remember that if you dialup the Internet, you will likely get
"scanned" the moment you logon. What is really happening is that your have
inheritted the IP address of somebody else who was playing a game or
chatting. Some products are very agressively at trying to reestablish the
connection, so you may be getting TCP connection requests or UDP packets
even 20 minutes later.

There are LOTs of these applications out there; so if you see the same
request over and over soon after dialing up, this is amost certainly the
cause. On the other hand, some hackers do "camp" on dialup ranges, waiting
for somebody to dialup that has the particular vulnerability they are
looking for.

Robert Graham

-----Original Message-----
From: Incidents Mailing List [mailto:INCIDENTS () securityfocus com]On
Behalf Of Stuart Staniford-Chen
Sent: Friday, March 17, 2000 3:08 AM
To: INCIDENTS () securityfocus com
Subject: Port 6112

I have recently seen several scans on port 6112 (both TCP and UDP).  I
can't find any information on this port on several lists of ports and
their uses.  Anyone know what might use this port?

Thanks,

Stuart.

P.S.  It doesn't seem to me that there's a way to search the archive for
the incidents mailing list.  Did I miss it?  That would be a really nice
feature at www.securityfocus.com

--
Stuart Staniford-Chen --- President --- Silicon Defense
                   stuart () silicondefense com
(707) 822-4588                     (707) 826-7571 (FAX)

Current thread:

Front Page Extensions, (continued)
- - - Front Page Extensions vventura () SIA PT (Mar 28)
    - Re: sgi-dgl scanning E. Larry Lidz (Mar 28)
    - Syn attacks ? Klavs Klavsen (Mar 28)
    - Re: lots of interest in port 109 (POP2) markus tromday (Mar 22)
- Re: lots of interest in port 109 (POP2) Donald McLachlan (Mar 07)
  - Re: lots of interest in port 109 (POP2) Paul Rice (Mar 13)
  - Munged Napster Sessions Stephen P. Berry (Mar 13)
    - Looking for Squid Proxies Cy Schubert - ITSD Open Systems Group (Mar 16)
    - Re: Munged Napster Sessions Vanja Hrustic (Mar 16)
    - Port 6112 Stuart Staniford-Chen (Mar 17)
    - Re: Port 6112 Robert Graham (Mar 20)
    - Re: Port 6112 Stuart Staniford-Chen (Mar 20)
    - nbname scans Rick Tortorella (Mar 20)
    - Port 27960 Stuart Staniford-Chen (Mar 17)
    - Re: Port 27960 steve balla (Mar 20)
    - Re: Port 27960 Odd Arne Beck (Mar 20)
    - Re: Port 27960 David Groves (Mar 21)
    - Re: Port 27960 Sean Birkholz (Mar 25)
    - Followup Analysis of a Shaft DDoS Node and Master Richard Wash (Mar 28)
    - Re: Port 27960 steve balla (Mar 28)
    - Re: Port 27960 TJ Jablonowski (Mar 28)

(Thread continues...)