nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Re: port 554 scans?

From: Joel Jaeggli <joelja () darkwing uoregon edu>
Date: Fri, 29 Aug 2003 09:13:46 -0700 (PDT)

554 is a port associated with rtsp... 

There is a real helix server vulnerability that may be associated with 
those probes...

http://www.securityfocus.com/archive/75/334900/2003-08-19/2003-08-25/0

yeah:

http://www.k-otik.com/exploits/08.25.THCREALbad.c.php

int main(int argc, char *argv[])
{ 
unsigned short realport=554;
unsigned int sock,addr,os,rc;
unsigned char *finalbuffer,*osbuf;
struct sockaddr_in mytcp;
struct hostent * hp;
WSADATA wsaData;

joelja

On Fri, 29 Aug 2003, Stephen J. Wilcox wrote:




Anyone know what the source of the recent increase in scans of port 554 are?

http://isc.incidents.org/port_details.html?port=554

I cant find any related virus/worms using this?

Maybe its nothing, just some abuse complaints we got from port 554 scanning...

Steve



-- 
-------------------------------------------------------------------------- 
Joel Jaeggli           Unix Consulting         joelja () darkwing uoregon edu    
GPG Key Fingerprint:     5C6E 0104 BAF0 40B0 5BD3 C38B F000 35AB B67F 56B2
Previous By Date Next
Previous By Thread Next

Current thread: