Security Incidents mailing list archives

Re: Scans to port 5864?


From: Fredrik Ostergren <fredrik.ostergren () FREEBOX COM>
Date: Tue, 8 Aug 2000 12:12:16 -0000

Maybe it's just a simple bindshell that someone has bound
on a few unknown hosts and is therefore portscanning whole
class A nets to find them.

/ Fredrik.

I've been seeing a lot of this type of scan occurring lately.
nmap's service file does not have port 5864 listed.  Any idea
what it is?


Aug  3 04:30:31 kernel: Packet log: inet-in DENY ppp0 PROTO=6 216.52.6.46:80 116.238.78.50:5864 L=188 S=0x00 I=7266 F=0x4000 T=119 (#19)
Aug  3 04:30:43 kernel: Packet log: inet-in DENY ppp0 PROTO=6 216.52.6.46:80 116.238.78.50:5864 L=188 S=0x00 I=26239 F=0x4000 T=119 (#19)
Aug  3 04:31:09 kernel: Packet log: inet-in DENY ppp0 PROTO=6 216.52.6.46:80 116.238.78.50:5864 L=188 S=0x00 I=30394 F=0x4000 T=119 (#19)
Aug  3 04:32:04 kernel: Packet log: inet-in DENY ppp0 PROTO=6 216.52.6.46:80 116.238.78.50:5864 L=188 S=0x00 I=63273 F=0x4000 T=119 (#19)
Aug  3 04:33:03 kernel: Packet log: inet-in DENY ppp0 PROTO=6 216.52.6.46:80 116.238.78.50:5864 L=188 S=0x00 I=9650 F=0x4000 T=119 (#19)

# nslookup 216.52.6.46
Server:  xxxxxxxxxx
Address:  192.168.1.1

Name:    flfc06-6l.flycast.com
Address:  216.52.6.46
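
An added example, not part of the original post or the reply: a small Python parser for the ipchains packet-log lines quoted above that groups them by flow and reports timing, length, the DF bit and whether any packet carried ipchains' SYN marker. The field meanings (L length, S TOS, I IP ID, F fragment flags/offset, T TTL, optional SYN before the rule number) follow the ipchains log layout; the year 2000 is taken from the message's Date header, and `summarize` is a name chosen here.

```python
import re
from collections import defaultdict
from datetime import datetime

# The five log lines from the post, one record per line.
LOG = """\
Aug  3 04:30:31 kernel: Packet log: inet-in DENY ppp0 PROTO=6 216.52.6.46:80 116.238.78.50:5864 L=188 S=0x00 I=7266 F=0x4000 T=119 (#19)
Aug  3 04:30:43 kernel: Packet log: inet-in DENY ppp0 PROTO=6 216.52.6.46:80 116.238.78.50:5864 L=188 S=0x00 I=26239 F=0x4000 T=119 (#19)
Aug  3 04:31:09 kernel: Packet log: inet-in DENY ppp0 PROTO=6 216.52.6.46:80 116.238.78.50:5864 L=188 S=0x00 I=30394 F=0x4000 T=119 (#19)
Aug  3 04:32:04 kernel: Packet log: inet-in DENY ppp0 PROTO=6 216.52.6.46:80 116.238.78.50:5864 L=188 S=0x00 I=63273 F=0x4000 T=119 (#19)
Aug  3 04:33:03 kernel: Packet log: inet-in DENY ppp0 PROTO=6 216.52.6.46:80 116.238.78.50:5864 L=188 S=0x00 I=9650 F=0x4000 T=119 (#19)
"""

# ipchains layout: chain action iface PROTO src:port dst:port L S I F T [SYN] (#rule)
LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) .*?Packet log: "
    r"(?P<chain>\S+) (?P<action>\S+) (?P<iface>\S+) PROTO=(?P<proto>\d+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"L=(?P<len>\d+) S=(?P<tos>0x[0-9A-Fa-f]+) I=(?P<ipid>\d+) "
    r"F=(?P<frag>0x[0-9A-Fa-f]+) T=(?P<ttl>\d+)(?P<syn> SYN)? \(#(?P<rule>\d+)\)")

def summarize(text, year=2000):
    """Group log records by (src, sport, dst, dport) and describe each flow."""
    flows = defaultdict(list)
    for line in text.splitlines():
        m = LINE.match(line)
        if m:  # skip anything that is not an ipchains packet-log record
            key = (m["src"], int(m["sport"]), m["dst"], int(m["dport"]))
            flows[key].append(m)
    out = {}
    for key, hits in flows.items():
        # syslog timestamps carry no year, so one is supplied by the caller
        times = [datetime.strptime(f"{year} {h['ts']}", "%Y %b %d %H:%M:%S")
                 for h in hits]
        out[key] = {
            "packets": len(hits),
            "gaps_s": [int((b - a).total_seconds())
                       for a, b in zip(times, times[1:])],
            "lengths": sorted({int(h["len"]) for h in hits}),
            "ttls": sorted({int(h["ttl"]) for h in hits}),
            "syn": any(h["syn"] for h in hits),  # connection-opening segment seen?
            "dont_fragment": all(int(h["frag"], 16) & 0x4000 for h in hits),
        }
    return out

if __name__ == "__main__":
    for flow, info in summarize(LOG).items():
        print(flow, info)
```

On these lines it reports a single flow from source port 80 to destination port 5864: five 188-byte packets with no SYN marker, gaps of 12, 26, 55 and 59 seconds, DF set and a constant TTL of 119.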

