Security Incidents mailing list archives

Port 6635


From: "Craig, Scott" <SCraig () kmart com>
Date: Fri, 21 Sep 2001 08:27:09 -0400

We received a very fast scan (probe) for port 6635 last night. I did a
search through the messages on the incidents.org mailing list and didn't see
any conclusive findings as to the tools being used or the purpose. Does
anyone have any further information on this yet?

The probe occurred on 9/20/01 at 22:16 Eastern time, all within the same
minute, lasting only 2 seconds.

Source IP        Source Port   Destination IPs      Dest. Port   Protocol
---------        -----------   ---------------      ----------   --------
216.89.160.33    6635          MYIP.xxx.xxx.1-254   6635         TCP


Sorry, but I don't have a copy of the raw packet for display to determine
any of the flags being used.

--

DNS lookup done this morning came back to:
flare-raq1.flarenetworks.com


SAVVIS Communications (NETBLK-SAVVIS7) SAVVIS7     216.88.0.0 - 216.91.255.255
Flare Interactive (NETBLK-SAVV-FLAREINTER2) SAVV-FLAREINTER2     216.89.160.0 - 216.89.161.255


Server used for this query: [ whois.arin.net ]

   Flare Interactive (NETBLK-SAVV-FLAREINTER2)
   233 Linden Street
   Fort Collins, CO 80524
   US

   Netname: SAVV-FLAREINTER2
   Netblock: 216.89.160.0 - 216.89.161.255
   Maintainer: FLAR

   Coordinator:
      MacDonald, Kyle  (KM372-ARIN)  kylemac () flarenetworks com
      970-470-3300

   Record last updated on 10-Apr-2000.
   Database last updated on 20-Sep-2001 23:16:45 EDT.

==========

Server used for this query: [ whois.arin.net ]

   SAVVIS Communications (NETBLK-SAVVIS7)
   717 Office Parkway
   Creve Coeur, MO 63141
   US

   Netname: SAVVIS7
   Netblock: 216.88.0.0 - 216.91.255.255
   Maintainer: SAVV

   Coordinator:
      SAVVIS A Bridge Company  (ZS36-ARIN)  ipadmin () savvis net
      314-468-7000

   Domain System inverse mapping provided by:

   NS1.SAVVIS.NET               209.16.211.42
   NS2.SAVVIS.NET               204.194.10.206

   ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE

   Record last updated on 10-Mar-2000.
   Database last updated on 20-Sep-2001 23:16:45 EDT.


Scott




----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com
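
Added example, not part of the original post: a detector for the pattern reported above, where one source touches most of a /24 on a single destination port within seconds and uses a source port equal to the destination port. The log format, the thresholds and the 192.0.2.x / 198.51.100.x / 203.0.113.x addresses are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

def build_sample():
    """Constructed log lines: 'time src_ip src_port dst_ip dst_port proto'."""
    start = datetime(2001, 9, 20, 22, 16, 0)
    lines = []
    for host in range(1, 255):  # one source sweeps .1-.254 in under 2 s
        ts = start + timedelta(milliseconds=7 * host)
        lines.append(f"{ts.isoformat()} 192.0.2.33 6635 203.0.113.{host} 6635 TCP")
    for i in range(5):  # ordinary web client talking to one destination
        ts = start + timedelta(seconds=i)
        lines.append(f"{ts.isoformat()} 198.51.100.7 {40000 + i} 203.0.113.10 80 TCP")
    return lines

def find_sweeps(lines, min_hosts=50, window=timedelta(seconds=5)):
    """Flag sources hitting >= min_hosts distinct addresses on one port within window."""
    events = defaultdict(list)  # (src_ip, dst_port, proto) -> [(time, src_port, dst_ip)]
    for line in lines:
        ts, src, sport, dst, dport, proto = line.split()
        events[(src, int(dport), proto)].append((datetime.fromisoformat(ts), int(sport), dst))
    findings = []
    for (src, dport, proto), hits in events.items():
        hits.sort()
        best, lo = None, 0
        for hi in range(len(hits)):
            while hits[hi][0] - hits[lo][0] > window:  # slide the window start forward
                lo += 1
            burst = hits[lo:hi + 1]
            targets = {dst for _, _, dst in burst}
            if len(targets) >= min_hosts and (best is None or len(targets) > best["hosts"]):
                sports = {sp for _, sp, _ in burst}
                best = {
                    "src": src, "dst_port": dport, "proto": proto,
                    "hosts": len(targets),
                    "duration_s": (burst[-1][0] - burst[0][0]).total_seconds(),
                    # A fixed source port equal to the destination port usually means
                    # the sending tool chose it, not the OS ephemeral-port allocator.
                    "mirrored_port": sports == {dport},
                }
        if best:
            findings.append(best)
    return findings

if __name__ == "__main__":
    for finding in find_sweeps(build_sample()):
        print(finding)
```

The mirrored_port field can be determined from connection logs alone, even when, as in the report above, no raw packet was captured to show the TCP flags.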

