Security Incidents mailing list archives
Who is looking for port 2036?
From: Joakim Berge <joakim.berge () gmail com>
Date: Tue, 25 Oct 2005 13:24:37 +0200
I observe many scans for port 2036 and 80. Why 80 shows up, i don't know. but port 2036 are being used by Novell's RConJ. The scan seems to be from a large botnet, across the world. They have only targeted one ip, and it doesn't respond to those ports. I cant find any info on this on the net. Is it the tryout of a new worm? Anyone seen any of this activity? Some info from NFR. Time: 24-Oct-2005 13:33:01 NFR: sensor Source: 172.216.191.56 Source Port: 3382 Target: xx.xx.xx.xx Target Port: 2036 Proto: tcp Tag: Tagvalue: s Time: 24-Oct-2005 13:27:47 NFR: sensor Source: 81.14.183.21 Source Port: 1282 Target: xx.xx.xx.xx Target Port: 2036 Proto: tcp Tag: Tagvalue: s Time: 24-Oct-2005 13:21:31 NFR: sensor Source: 129.67.19.253 Source Port: 57118 Target: xx.xx.xx.xx Target Port: 2036 Proto: tcp Tag: Tagvalue: s -- Joakim Berge Tlf. +47 93489696 MSN. joakim.berge () gmail com
Current thread:
- Who is looking for port 2036? Joakim Berge (Oct 25)
- Re: Who is looking for port 2036? Tillmann Werner (Oct 26)
- Re: Who is looking for port 2036? Joakim Berge (Oct 27)
- Re: Who is looking for port 2036? mis (Oct 27)
- Re: Who is looking for port 2036? Justin (Oct 28)
- Re: Who is looking for port 2036? Joakim Berge (Oct 27)
- Re: Who is looking for port 2036? Tillmann Werner (Oct 26)