Security Incidents mailing list archives
Re: 6112/TCP scans
From: dewt <dewt () kc rr com>
Date: Fri, 7 Dec 2001 17:57:42 -0600
On Friday 07 December 2001 03:14 pm, Paul Dokas wrote:
> Is anyone else seeing large numbers of 6112/TCP scans coming from 63.240.0.0 - 63.242.255.255? I'm seeing about 10/minute destined to random IPs within my networks. The scanning technique looks exactly like the TCPMUX scans that were occurring a few months ago (forgive me, I can't remember what the technique was, just that it was really odd). Obviously, they're looking for vulnerable CDE installations.
>
> Paul
6112 is the port used by Blizzard's Battle.net, you might just have people playing Diablo 2, StarCraft, or whatever on your network.

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com