IPP (631/tcp) Scans

["Crist Clark" <crist.clark () globalstar com>]

OK, what's up with all of the attention on port 631/tcp from the k1dd33z?
We've seen an increase from zero to a couple of scans (walks across several 
class C nets) per day,

  Jul01   0
  Jul02   0
  Jul03   0
  ..
  Jul14   0
  Jul15   0
  Jul16   1
  Jul17   2
  Jul18   3
  Jul19   3
  Jul20   2
  Jul21   1
  Jul22   1
  Jul23   3

I don't recall any new problems with port 631/tcp. One of the IIS issues
was print related, but I thought it was expoited via an HTTP (80/tcp) 
interface to the IPP services, not via 631/tcp. Some kiddies have a 0-day?
Or is one of those things where someone starts looking for some ancient
hole (e.g. occasional flurries of activity looking for old POP exploits)?
-- 
Crist J. Clark                                Network Security Engineer
crist.clark () globalstar com                    Globalstar, L.P.
(408) 933-4387                                FAX: (408) 933-4926

The information contained in this e-mail message is confidential,
intended only for the use of the individual or entity named above.  If
the reader of this e-mail is not the intended recipient, or the employee
or agent responsible to deliver it to the intended recipient, you are
hereby notified that any review, dissemination, distribution or copying
of this communication is strictly prohibited.  If you have received this
e-mail in error, please contact postmaster () globalstar com

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com