Security Incidents mailing list archives

Re: Please help identify this traffic


From: Laura Nuñez <potus () glacyar com ar>
Date: Fri, 10 Nov 2000 17:51:21 -0300

Hi,
        I only found port 5405 in the IANA assignments, and it was for HP, so I made a
quick search on their site, and there appear to be other people asking about
scans and OpenView, too. If your bb and cc machines have HP agents installed,
you could ask HP (anybody from HP on the list?) if they could clarify this.

IANA..>
#                          Harold Froehling <hrf () cup hp com>
netsupport      5405/tcp   NetSupport
netsupport      5405/udp   NetSupport

HP 1035 Port..>
http://forums.itrc.hp.com/cm/QuestionAnswer/1,1150,0xa0a583667c40d4118feb0090279cd0f9,00.html

HP 1045 Port...>
http://forums.itrc.hp.com/cm/QuestionAnswer/1,1150,0xcafc6c96588ad4118fef0090279cd0f9,00.html

Good luck, Laura
---------------------------------------
Laura Nuñez
mailto:potus () glacyar com ar
PGP Fingerprint: 995C 89F3 DAF5 F106 4D6C C4B4 8A0C 832F A2FD 1BBA
PGP Public Key: http://www.glacyar.com.ar/potus.asc
Web site: http://www.glacyar.com.ar
Glacyar InfoSec list: http://glacyar.listbot.com/
---------------------------------------



-----Original Message-----
From: Incidents Mailing List [mailto:INCIDENTS () SECURITYFOCUS COM] On Behalf
Of Ralf G. R. Bergs
Sent: Thursday, November 09, 2000 07:27 a.m.
To: INCIDENTS () SECURITYFOCUS COM
Subject: Please help identify this traffic


Hi there,

can anyone shed light on what might be causing the following traffic?

input DENY eth0 PROTO=17 137.226.aaa.bb:1045 137.226.255.255:5405 L=64 S=0x00 I=60730 F=0x0000 T=128 (#38)
input DENY eth0 PROTO=17 137.226.aaa.bb:1045 137.226.255.255:7445 L=64 S=0x00 I=60986 F=0x0000 T=128 (#38)
input DENY eth0 PROTO=17 137.226.aaa.bb:1045 137.226.255.255:5405 L=64 S=0x00 I=61242 F=0x0000 T=128 (#38)
input DENY eth0 PROTO=17 137.226.aaa.bb:1045 137.226.255.255:7445 L=64 S=0x00 I=61498 F=0x0000 T=128 (#38)
input DENY eth0 PROTO=17 137.226.aaa.bb:1045 137.226.255.255:5405 L=64 S=0x00 I=62266 F=0x0000 T=128 (#38)
input DENY eth0 PROTO=17 137.226.aaa.bb:1045 137.226.255.255:7445 L=64 S=0x00 I=62522 F=0x0000 T=128 (#38)
input DENY eth0 PROTO=17 137.226.aaa.cc:1035 137.226.255.255:5405 L=64 S=0x00 I=59918 F=0x0000 T=128 (#38)
input DENY eth0 PROTO=17 137.226.aaa.cc:1035 137.226.255.255:7445 L=64 S=0x00 I=60174 F=0x0000 T=128 (#38)
input DENY eth0 PROTO=17 137.226.aaa.cc:1035 137.226.255.255:5405 L=64 S=0x00 I=60942 F=0x0000 T=128 (#38)
input DENY eth0 PROTO=17 137.226.aaa.cc:1035 137.226.255.255:7445 L=64 S=0x00 I=61198 F=0x0000 T=128 (#38)
input DENY eth0 PROTO=17 137.226.aaa.cc:1035 137.226.255.255:5405 L=64 S=0x00 I=62222 F=0x0000 T=128 (#38)
input DENY eth0 PROTO=17 137.226.aaa.cc:1035 137.226.255.255:7445 L=64 S=0x00 I=62478 F=0x0000 T=128 (#38)

It started yesterday, and I'm always seeing this very same pattern.

Thanks,

Ralf


--
Sign the EU petition against SPAM:          L I N U X       .~.
http://www.politik-digital.de/spam/        The  Choice      /V\
                                            of a  GNU      /( )\
                                           Generation      ^^-^^
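
An added example, not part of the original posts: a small Python parser for the ipchains log entries quoted above. It groups them by source host and reports the destination ports, whether the destination looks like a broadcast address, and the step between successive IP IDs. The `.255` broadcast test and all function names are assumptions made for this example.

```python
import re
from collections import defaultdict

# ipchains packet-log layout: chain action iface PROTO=n src:port dst:port
# L=length S=TOS I=IP-ID F=frag T=TTL (#rule). Hosts are matched as \S+
# because the post redacts octets ("137.226.aaa.bb").
LOG_RE = re.compile(
    r"(?P<chain>\w+) (?P<action>\w+) (?P<iface>\S+) PROTO=(?P<proto>\d+) "
    r"(?P<src>\S+):(?P<sport>\d+) (?P<dst>\S+):(?P<dport>\d+) "
    r"L=(?P<length>\d+) S=\s*(?P<tos>0x[0-9a-fA-F]+) I=(?P<ipid>\d+) "
    r"F=(?P<frag>0x[0-9a-fA-F]+) T=(?P<ttl>\d+) \(#(?P<rule>\d+)\)"
)
PROTO_NAMES = {1: "icmp", 6: "tcp", 17: "udp"}

def parse(text):
    """Yield one dict per log entry; S=\\s* tolerates the mail-wrapped form."""
    for m in LOG_RE.finditer(text):
        rec = m.groupdict()
        for key in ("proto", "sport", "dport", "length", "ipid", "ttl", "rule"):
            rec[key] = int(rec[key])
        yield rec

def summarize(text):
    """Group entries per source host: destination ports, broadcast flag, IP-ID steps."""
    hosts = defaultdict(lambda: {"dports": set(), "ipids": [], "broadcast": False})
    for rec in parse(text):
        h = hosts[(rec["src"], rec["sport"], PROTO_NAMES.get(rec["proto"], rec["proto"]))]
        h["dports"].add(rec["dport"])
        h["ipids"].append(rec["ipid"])
        # Heuristic (assumption): a destination ending in .255 is a broadcast address.
        h["broadcast"] |= rec["dst"].endswith(".255")
    for h in hosts.values():
        ids = h.pop("ipids")
        # IP-ID differences modulo 2**16; a regular step is consistent with
        # one host's own ID counter.
        h["ipid_steps"] = [(b - a) % 65536 for a, b in zip(ids, ids[1:])]
        h["count"] = len(ids)
    return dict(hosts)

# Four entries copied from the post above, two of them still mail-wrapped.
SAMPLE = """\
input DENY eth0 PROTO=17 137.226.aaa.bb:1045 137.226.255.255:5405 L=64 S=
0x00 I=60730 F=0x0000 T=128 (#38)
input DENY eth0 PROTO=17 137.226.aaa.bb:1045 137.226.255.255:7445 L=64 S=
0x00 I=60986 F=0x0000 T=128 (#38)
input DENY eth0 PROTO=17 137.226.aaa.cc:1035 137.226.255.255:5405 L=64 S=0x00 I=59918 F=0x0000 T=128 (#38)
input DENY eth0 PROTO=17 137.226.aaa.cc:1035 137.226.255.255:7445 L=64 S=0x00 I=60174 F=0x0000 T=128 (#38)
"""

if __name__ == "__main__":
    for (src, sport, proto), info in summarize(SAMPLE).items():
        print(src, sport, proto, info)
```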

