Security Incidents mailing list archives

Re: Lengthy probes of port 8500


From: robinton () GMX de (Soeren Ziehe)
Date: 06 Sep 2001 11:25:00 +0100

In article <3B95D970.C9982F62 () bigfoot com> [05 Sep 01]
   Paul Gear  <paul () gear dyndns org> wrote:

Has anyone seen probes like this in the last few days?  I've never
seen them before, then last night I got more than 300 attempts in a
little over 2 hours.

Sep  4 18:53:39 xxx kernel: Packet log: input DENY ppp0 PROTO=6
a.a.30.66:1761 x.x.16.93:8500 L=48 S=0x00 I=65349 F=0x4000 T=117
SYN (#67)

I haven't seen probes for that port, but I can shed some light onto what  
this may be, I guess.

Port 8500 is the standard port for the "gatherd" component of the  
"harvest" distributed search engine/network.

Robinton

-- 
For the big chaos we have computers.
The remaining mistakes we make by hand.
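
Added example, not part of either post and not code from ipchains or the list: a Python parser for ipchains "Packet log:" entries like the one quoted above, tallying denied TCP SYNs to one destination port per source address. The 192.0.2.x and 198.51.100.x entries are constructed sample data, and `parse` and `denied_syns` are hypothetical helper names.

```python
import re
from collections import Counter

# ipchains log layout: chain action iface PROTO=n src:port dst:port
# L=length S=TOS I=IP-ID F=frag T=TTL [SYN] (#rule)
LINE_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<action>\S+) (?P<iface>\S+) "
    r"PROTO=(?P<proto>\d+) (?P<src>\S+):(?P<sport>\d+) "
    r"(?P<dst>\S+):(?P<dport>\d+) L=(?P<length>\d+) S=(?P<tos>\S+) "
    r"I=(?P<ipid>\d+) F=(?P<frag>\S+) T=(?P<ttl>\d+)(?P<syn> SYN)? "
    r"\(#(?P<rule>\d+)\)"
)
INT_FIELDS = ("proto", "sport", "dport", "length", "ipid", "ttl", "rule")

def parse(line):
    """Return one entry's fields as a dict, or None if it is not ipchains."""
    # Collapse whitespace so padded syslog dates and re-wrapped lines match.
    m = LINE_RE.search(" ".join(line.split()))
    if m is None:
        return None
    rec = m.groupdict()
    rec["syn"] = rec["syn"] is not None
    rec.update({k: int(rec[k]) for k in INT_FIELDS})
    return rec

def denied_syns(lines, dport):
    """Count denied TCP SYNs to dport, keyed by source address."""
    hits = Counter()
    for rec in filter(None, map(parse, lines)):
        if (rec["action"], rec["proto"], rec["syn"], rec["dport"]) == ("DENY", 6, True, dport):
            hits[rec["src"]] += 1
    return hits

# The entry quoted in the post, joined back onto one line.
PAGE_LINE = ("Sep  4 18:53:39 xxx kernel: Packet log: input DENY ppp0 PROTO=6 "
             "a.a.30.66:1761 x.x.16.93:8500 L=48 S=0x00 I=65349 F=0x4000 "
             "T=117 SYN (#67)")
# Constructed entries (documentation addresses), not taken from the post.
SAMPLE = [
    PAGE_LINE,
    "Sep  4 18:53:42 xxx kernel: Packet log: input DENY ppp0 PROTO=6 "
    "192.0.2.10:1770 198.51.100.7:8500 L=48 S=0x00 I=65402 F=0x4000 T=117 SYN (#67)",
    "Sep  4 18:53:48 xxx kernel: Packet log: input DENY ppp0 PROTO=6 "
    "192.0.2.10:1770 198.51.100.7:8500 L=48 S=0x00 I=65460 F=0x4000 T=117 SYN (#67)",
    "Sep  4 18:54:01 xxx kernel: Packet log: input DENY ppp0 PROTO=17 "
    "192.0.2.44:1027 198.51.100.7:137 L=78 S=0x00 I=4021 F=0x0000 T=113 (#67)",
    "Sep  4 18:54:09 xxx sshd[411]: unrelated syslog entry",
]

if __name__ == "__main__":
    print(dict(denied_syns(SAMPLE, 8500)))
```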


