Security Incidents mailing list archives
Re: port 523/TCP scans
From: Joe Matusiewicz <joem () NIST GOV>
Date: Fri, 17 Nov 2000 14:29:51 -0500
At 11:22 AM 11/17/00, Jose Nazario wrote:
> cwru.edu had a rash of some SGI's compromised, which i've been
> investigating. they're currently blocked, btw, at the firewall (the
> compromised machines we have identified) until they can be sanitized
> and hardened.
>
> i've been seeing some sweeps the past week for 5232/TCP. i presume it
> is for marking SGI's on a unique port: (from nmap output against an SGI)
>
> 5232/tcp open sgi-dgl

I've had an attempt to scan 5,267 IP addresses in my address space on that port yesterday from adsl-64-216-5-187.dsl.eulstx.swbell.net. SWBell hasn't answered my polite email to them pointing out this fact.

I did a search on that port from Google and there is talk out there that this is indeed related to SGI's Distributed Graphics.

-- Joe