nanog mailing list archives
Re: port 554 scans?
From: Joel Jaeggli <joelja () darkwing uoregon edu>
Date: Fri, 29 Aug 2003 09:13:46 -0700 (PDT)
554 is a port associated with rtsp... There is a real helix server vulnerability that may be associated with those probes... http://www.securityfocus.com/archive/75/334900/2003-08-19/2003-08-25/0 yeah: http://www.k-otik.com/exploits/08.25.THCREALbad.c.php int main(int argc, char *argv[]) { unsigned short realport=554; unsigned int sock,addr,os,rc; unsigned char *finalbuffer,*osbuf; struct sockaddr_in mytcp; struct hostent * hp; WSADATA wsaData; joelja On Fri, 29 Aug 2003, Stephen J. Wilcox wrote:
Anyone know what the source of the recent increase in scans of port 554 are? http://isc.incidents.org/port_details.html?port=554 I cant find any related virus/worms using this? Maybe its nothing, just some abuse complaints we got from port 554 scanning... Steve
-- -------------------------------------------------------------------------- Joel Jaeggli Unix Consulting joelja () darkwing uoregon edu GPG Key Fingerprint: 5C6E 0104 BAF0 40B0 5BD3 C38B F000 35AB B67F 56B2
Current thread:
- port 554 scans? Stephen J. Wilcox (Aug 29)
- Re: port 554 scans? Joel Jaeggli (Aug 29)