Security Incidents mailing list archives
Port 6635
From: "Craig, Scott" <SCraig () kmart com>
Date: Fri, 21 Sep 2001 08:27:09 -0400
We received a very fast scan (probe) for port 6635 last night. I did a search through the messages on the incidents.org mailing list and didn't see any conclusive findings as to the tools being used or the purpose. Does anyone have any further information on this yet? The probe occurred on 9/20/01 at 22:16 Eastern time. All within the same minute, lasting only 2 seconds. Source Dest. Source IP Port Destination IP's Port Protocol --------- ------ ------------------ ---- -------- 216.89.160.33 6635 MYIP.xxx.xxx.1-254 6635 TCP Sorry, but I don't have a copy of the raw packet for display to determine any of the flags being used. -- DNS lookup done this morning came back to: flare-raq1.flarenetworks.com SAVVIS Communications (NETBLK-SAVVIS7) SAVVIS7 216.88.0.0 - 216.91.255.255 Flare Interactive (NETBLK-SAVV-FLAREINTER2) SAVV-FLAREINTER2 216.89.160.0 - 216.89.161.255 Server used for this query: [ whois.arin.net ] Flare Interactive (NETBLK-SAVV-FLAREINTER2) 233 Linden Street Fort Collins, CO 80524 US Netname: SAVV-FLAREINTER2 Netblock: 216.89.160.0 - 216.89.161.255 Maintainer: FLAR Coordinator: MacDonald, Kyle (KM372-ARIN) kylemac () flarenetworks com 970-470-3300 Record last updated on 10-Apr-2000. Database last updated on 20-Sep-2001 23:16:45 EDT. ========== Server used for this query: [ whois.arin.net ] SAVVIS Communications (NETBLK-SAVVIS7) 717 Office Parkway Creve Coeur, MO 63141 US Netname: SAVVIS7 Netblock: 216.88.0.0 - 216.91.255.255 Maintainer: SAVV Coordinator: SAVVIS A Bridge Company (ZS36-ARIN) ipadmin () savvis net 314-468-7000 Domain System inverse mapping provided by: NS1.SAVVIS.NET 209.16.211.42 NS2.SAVVIS.NET 204.194.10.206 ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE Record last updated on 10-Mar-2000. Database last updated on 20-Sep-2001 23:16:45 EDT. Scott ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- Port 6635 Craig, Scott (Sep 21)
- Re: Port 6635 Matthew Leeds (Sep 21)