Security Incidents mailing list archives

RE: looking for what? portscan 15000/tcp

From: "Cushing, David" <david.cushing () quadrasis com>
Date: Fri, 23 Aug 2002 13:46:40 -0400

Aug 23 07:34:02 router 548124: Aug 23 07:37:06 MEST: 
%SEC-6-IPACCESSLOGP: list 103 denied tcp 
210.117.126.206(15000) -> xx.xx.1.1(15000), 1 packet


Port 15000 is used as a default for Borland/Visibroker's Gatekeeper product.  It allows CORBA applications to multiplex 
through a single firewall port.  

Since your curious visitor used port 15000 as a source and a destination, it looks as though they might have been 
trying to bypass restrictions by using a port that might be let through.  80 would be a better choice, though.  Who 
runs Gatekeeper, anyway? <g>

On your question about hosts scanned:  Can you see any relation between the numbers scanned and your actual network?  
i.e. did they have some pre-knowledge of what to poke for?

-David

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com

Current thread:

looking for what? portscan 15000/tcp Fabio Pietrosanti (naif) (Aug 23)
- Re: looking for what? portscan 15000/tcp Thomas Cannon (Aug 23)
  - Re: looking for what? portscan 15000/tcp Skip Carter (Aug 23)
- <Possible follow-ups>
- RE: looking for what? portscan 15000/tcp Cushing, David (Aug 23)