Security Incidents mailing list archives
Re: Please help identify this traffic
From: Laura Nuñez <potus () glacyar com ar>
Date: Fri, 10 Nov 2000 17:51:21 -0300
Hi,

I only found port 5405 in the IANA assignments, and it was for HP, so I made a quick search on their site, and there appear to be other people asking about scans and OpenView, too. If your bb and cc machines have HP agents installed you could ask HP (anybody from HP on the list?) if they could clarify this.

IANA..>
# Harold Froehling <hrf () cup hp com>
netsupport 5405/tcp NetSupport
netsupport 5405/udp NetSupport

HP 1035 Port..>
http://forums.itrc.hp.com/cm/QuestionAnswer/1,1150,0xa0a583667c40d4118feb0090279cd0f9,00.html

HP 1045 Port...>
http://forums.itrc.hp.com/cm/QuestionAnswer/1,1150,0xcafc6c96588ad4118fef0090279cd0f9,00.html

Good luck,
Laura

---------------------------------------
Laura Nuñez
mailto:potus () glacyar com ar
PGP Fingerprint: 995C 89F3 DAF5 F106 4D6C C4B4 8A0C 832F A2FD 1BBA
PGP Public Key: http://www.glacyar.com.ar/potus.asc
Website: http://www.glacyar.com.ar
Glacyar InfoSec list: http://glacyar.listbot.com/
---------------------------------------

-----Original Message-----
From: Incidents Mailing List [mailto:INCIDENTS () SECURITYFOCUS COM] On behalf of Ralf G. R. Bergs
Sent: Thursday, November 09, 2000 07:27 a.m.
To: INCIDENTS () SECURITYFOCUS COM
Subject: Please help identify this traffic

Hi there,

can anyone shed light on what might be causing the following traffic?

input DENY eth0 PROTO=17 137.226.aaa.bb:1045 137.226.255.255:5405 L=64 S=0x00 I=60730 F=0x0000 T=128 (#38)
input DENY eth0 PROTO=17 137.226.aaa.bb:1045 137.226.255.255:7445 L=64 S=0x00 I=60986 F=0x0000 T=128 (#38)
input DENY eth0 PROTO=17 137.226.aaa.bb:1045 137.226.255.255:5405 L=64 S=0x00 I=61242 F=0x0000 T=128 (#38)
input DENY eth0 PROTO=17 137.226.aaa.bb:1045 137.226.255.255:7445 L=64 S=0x00 I=61498 F=0x0000 T=128 (#38)
input DENY eth0 PROTO=17 137.226.aaa.bb:1045 137.226.255.255:5405 L=64 S=0x00 I=62266 F=0x0000 T=128 (#38)
input DENY eth0 PROTO=17 137.226.aaa.bb:1045 137.226.255.255:7445 L=64 S=0x00 I=62522 F=0x0000 T=128 (#38)
input DENY eth0 PROTO=17 137.226.aaa.cc:1035 137.226.255.255:5405 L=64 S=0x00 I=59918 F=0x0000 T=128 (#38)
input DENY eth0 PROTO=17 137.226.aaa.cc:1035 137.226.255.255:7445 L=64 S=0x00 I=60174 F=0x0000 T=128 (#38)
input DENY eth0 PROTO=17 137.226.aaa.cc:1035 137.226.255.255:5405 L=64 S=0x00 I=60942 F=0x0000 T=128 (#38)
input DENY eth0 PROTO=17 137.226.aaa.cc:1035 137.226.255.255:7445 L=64 S=0x00 I=61198 F=0x0000 T=128 (#38)
input DENY eth0 PROTO=17 137.226.aaa.cc:1035 137.226.255.255:5405 L=64 S=0x00 I=62222 F=0x0000 T=128 (#38)
input DENY eth0 PROTO=17 137.226.aaa.cc:1035 137.226.255.255:7445 L=64 S=0x00 I=62478 F=0x0000 T=128 (#38)

It started yesterday, and I'm always seeing this very same pattern.

Thanks,
Ralf

--
Sign the EU petition against SPAM:          L I N U X       .~.
http://www.politik-digital.de/spam/         The  Choice     /V\
                                            of a  GNU      /( )\
                                            Generation     ^^-^^
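Added example, not part of the original thread: a small Python parser for the ipchains packet-log lines quoted above, which groups the denied packets by flow and lists the IP ID steps per source. The sample is eight of the post's own lines (host octets masked by the poster); the function names are this example's own.

```python
import re
from collections import Counter

# ipchains packet-log fields: chain, verdict, interface, IP protocol number,
# source addr:port, destination addr:port, L=length, S=TOS, I=IP ID,
# F=fragment flags/offset, T=TTL, (#N)=number of the matching rule.
LINE_RE = re.compile(
    r"^(?P<chain>\S+) (?P<verdict>\S+) (?P<iface>\S+) PROTO=(?P<proto>\d+) "
    r"(?P<src>[\w.]+):(?P<sport>\d+) (?P<dst>[\w.]+):(?P<dport>\d+) "
    r"L=(?P<len>\d+) S=\s*(?P<tos>0x[0-9A-Fa-f]+) I=(?P<ipid>\d+) "
    r"F=(?P<frag>0x[0-9A-Fa-f]+) T=(?P<ttl>\d+) \(#(?P<rule>\d+)\)",
    re.MULTILINE,  # "S=\s*" tolerates a space left by mail line-wrapping
)

# Lines taken from the post above (first four entries of each source host).
SAMPLE = """\
input DENY eth0 PROTO=17 137.226.aaa.bb:1045 137.226.255.255:5405 L=64 S=0x00 I=60730 F=0x0000 T=128 (#38)
input DENY eth0 PROTO=17 137.226.aaa.bb:1045 137.226.255.255:7445 L=64 S=0x00 I=60986 F=0x0000 T=128 (#38)
input DENY eth0 PROTO=17 137.226.aaa.bb:1045 137.226.255.255:5405 L=64 S=0x00 I=61242 F=0x0000 T=128 (#38)
input DENY eth0 PROTO=17 137.226.aaa.bb:1045 137.226.255.255:7445 L=64 S=0x00 I=61498 F=0x0000 T=128 (#38)
input DENY eth0 PROTO=17 137.226.aaa.cc:1035 137.226.255.255:5405 L=64 S=0x00 I=59918 F=0x0000 T=128 (#38)
input DENY eth0 PROTO=17 137.226.aaa.cc:1035 137.226.255.255:7445 L=64 S=0x00 I=60174 F=0x0000 T=128 (#38)
input DENY eth0 PROTO=17 137.226.aaa.cc:1035 137.226.255.255:5405 L=64 S=0x00 I=60942 F=0x0000 T=128 (#38)
input DENY eth0 PROTO=17 137.226.aaa.cc:1035 137.226.255.255:7445 L=64 S=0x00 I=61198 F=0x0000 T=128 (#38)
"""

def parse(text):
    """Return one dict per ipchains log entry found in text."""
    entries = []
    for m in LINE_RE.finditer(text):
        e = m.groupdict()
        for key in ("proto", "sport", "dport", "len", "ipid", "ttl", "rule"):
            e[key] = int(e[key])
        entries.append(e)
    return entries

def summarize(entries):
    """Count packets per (source, source port, destination, destination port)."""
    return Counter((e["src"], e["sport"], e["dst"], e["dport"]) for e in entries)

def ipid_gaps(entries, src):
    """IP ID differences (mod 2^16) between consecutive packets from one source."""
    ids = [e["ipid"] for e in entries if e["src"] == src]
    return [(b - a) % 65536 for a, b in zip(ids, ids[1:])]

if __name__ == "__main__":
    parsed = parse(SAMPLE)
    for flow, count in sorted(summarize(parsed).items()):
        print(count, flow)
    for host in sorted({e["src"] for e in parsed}):
        print(host, ipid_gaps(parsed, host))
```

On these lines every packet is UDP (PROTO=17), matches rule 38, and goes to the same 137.226.255.255 address, with each host alternating between destination ports 5405 and 7445 from one fixed source port.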
Current thread:
- Please help identify this traffic Ralf G. R. Bergs (Nov 11)
- Re: Please help identify this traffic Laura Nuñez (Nov 13)
- Re: Please help identify this traffic Leonard S. Dupray Jr. (Nov 13)
- Re: Please help identify this traffic Laura Nuñez (Nov 13)