Security Incidents mailing list archives

re: port 4899


From: jdurick <jdurick () mitre org>
Date: Thu, 08 Apr 2004 08:49:41 -0400

Seeing a lot of hits the past few days on port 4899/tcp and wondering if anyone is seeing the same.... Did some research and found a link about that specific port [http://www.securityfocus.com/archive/1/290099/2002-09-01/2002-09-07/0]. Apparently, a tool called Radmin uses that port for remote access. Anyhow, here are some snips of my traffic...

Filter that generated (using ARGUS) this traffic: ra -nzcr $ARGUS/$TODAY*ext* - $NOT_SRC_HOME and $DST_HOME

--snip--

07 Apr 04 22:05:31    tcp  211.44.252.204.28127  ->     xxx.xxx.xxx.xxx.4899  2        0         124          0         s
07 Apr 04 22:05:31    tcp  211.44.252.204.53070  ->     xxx.xxx.xxx.xxx.4899  2        0         124          0         s
07 Apr 04 22:05:31    tcp  211.44.252.204.14860  ->     xxx.xxx.xxx.xxx.4899  2        0         124          0         s
07 Apr 04 22:05:31    tcp  211.44.252.204.31254  ->     xxx.xxx.xxx.xxx.4899  2        0         124

07 Apr 04 18:22:11    tcp     65.94.49.70.2645   ->     xxx.xxx.xxx.xxx.4899  2        0         124          0         s
07 Apr 04 18:22:11    tcp     65.94.49.70.2646   ->     xxx.xxx.xxx.xxx.4899  2        0         124          0         s
07 Apr 04 18:22:11    tcp     65.94.49.70.2648   ->     xxx.xxx.xxx.xxx.4899  2        0         124          0         s
07 Apr 04 18:22:11    tcp     65.94.49.70.2647   ->     xxx.xxx.xxx.xxx.4899  2        0         124

--snip--

There are too many hits for it to be a misconfiguration issue. I put a special rule in my fw ruleset to drop those immediately, other than that, I will keep looking around for more info....

jd

--
JD Durick
Senior INFOSEC Engineer
The MITRE Corporation
jdurick () mitre org
703-883-5543
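
An added example, not part of the original post: a small Python parser that summarizes ra output like the records quoted above, grouping flows to port 4899 by source and flagging sources whose connections were never answered. The column order is assumed from the quoted records, and the sample lines and addresses (documentation ranges) are constructed for illustration.

```python
import re
from collections import defaultdict

# Column order assumed from the records quoted in the post:
# date time proto src.port -> dst.port srcPkts dstPkts srcBytes [dstBytes] [state]
FLOW_RE = re.compile(
    r"^(?P<ts>\d{2} \w{3} \d{2} \d{2}:\d{2}:\d{2})\s+(?P<proto>\w+)\s+"
    r"(?P<src>\S+)\.(?P<sport>\d+)\s+->\s+(?P<dst>\S+)\.(?P<dport>\d+)\s+"
    r"(?P<spkts>\d+)\s+(?P<dpkts>\d+)\s+(?P<sbytes>\d+)"
    r"(?:\s+(?P<dbytes>\d+))?(?:\s+(?P<state>\S+))?\s*$"
)

# Constructed sample: one source sweeping three hosts, one single probe,
# one answered session, one flow to another port, one wrapped state line.
SAMPLE = """\
07 Apr 04 22:05:31    tcp  198.51.100.7.28127  ->  192.0.2.10.4899  2  0  124  0  s
07 Apr 04 22:05:31    tcp  198.51.100.7.53070  ->  192.0.2.11.4899  2  0  124  0  s
07 Apr 04 22:05:31    tcp  198.51.100.7.14860  ->  192.0.2.12.4899  2  0  124
07 Apr 04 18:22:11    tcp  203.0.113.9.2645    ->  192.0.2.10.4899  2  0  124  0  s
07 Apr 04 18:22:12    tcp  203.0.113.50.40112  ->  192.0.2.20.4899  9  8  1840  2210  sSE
07 Apr 04 18:23:00    tcp  203.0.113.9.2650    ->  192.0.2.10.80    5  4  600  900  sSE
  s
"""

def probes_by_source(lines, port=4899):
    """Per-source flow count, unanswered count and distinct targets for `port`."""
    stats = defaultdict(lambda: {"flows": 0, "unanswered": 0, "targets": set()})
    for line in lines:
        m = FLOW_RE.match(line.strip())
        if not m or int(m["dport"]) != port:
            continue  # wrapped state lines, other ports, unparsable text
        s = stats[m["src"]]
        s["flows"] += 1
        s["targets"].add(m["dst"])
        if int(m["dpkts"]) == 0:  # no packets came back from the destination
            s["unanswered"] += 1
    return dict(stats)

def likely_scanners(lines, port=4899, min_targets=2):
    """Sources whose flows were all unanswered and touched >= min_targets hosts."""
    hits = [(src, s["flows"], len(s["targets"]))
            for src, s in probes_by_source(lines, port).items()
            if s["unanswered"] == s["flows"] and len(s["targets"]) >= min_targets]
    return sorted(hits, key=lambda r: -r[1])

if __name__ == "__main__":
    for src, flows, targets in likely_scanners(SAMPLE.splitlines()):
        print(f"{src}: {flows} unanswered flows to {targets} hosts on 4899/tcp")
```

An answered flow (non-zero destination packets) on this port is the case to look at first, since it means a host actually accepted the connection.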


