Security Incidents mailing list archives
port 9274?
From: John Kinsella <jlk () thrashyour com>
Date: Fri, 28 Dec 2001 08:57:45 -0800
Anybody got an idea of what this might be? I've seen it on a few of my IDS sensors this morning: [**] [104:1:1] spp_anomsensor: Anomaly threshold exceeded: 4.3400 [**] 12/28-08:06:06.702394 XXX.XXX.X.XX:4513 -> XXX.XX.XXX.XXX:9274 TCP TTL:115 TOS:0x0 ID:14182 IpLen:20 DgmLen:48 DF ******S* Seq: 0x201AC3D4 Ack: 0x0 Win: 0x2238 TcpLen: 28 TCP Options (4) => MSS: 1460 NOP NOP SackOK [**] [104:1:1] spp_anomsensor: Anomaly threshold exceeded: 4.2908 [**] 12/28-08:06:09.511201 XXX.XXX.X.XX:4513 -> XXX.XX.XXX.XXX:9274 TCP TTL:115 TOS:0x0 ID:14500 IpLen:20 DgmLen:48 DF ******S* Seq: 0x201AC3D4 Ack: 0x0 Win: 0x2238 TcpLen: 28 TCP Options (4) => MSS: 1460 NOP NOP SackOK Quick look around the various sites doesn't seem to indicate much knowledge about a service running on 9274. Source port seems to change for each destination IP, and probes each IP twice about 3 seconds apart. John ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- port 9274? John Kinsella (Dec 28)
- <Possible follow-ups>
- RE: port 9274? Royans Tharakan (Dec 29)