Ports 27374 and 37907 not yet in nmap-services

[Marek Michalkiewicz <marekm () amelek gda pl>]

Hi,

I have seen these two port numbers probed in real life, and not yet
listed in nmap-services, or even in the huge list mentioned in that
file (http://www.graffiti.com/services).  Please consider adding them
to the distributed nmap-services file, perhaps it helps someone...

I've tried to find some info on these ports using a search engine, and
here is what I found... (not much - most of what is found is a dozen
of different web archives of the same two mailing lists)

Port 27374/tcp (listed as "asp" - Address Search Protocol in the default
/etc/services file that comes with Debian) appears to be used by some
kind of Windows trojan (tried to connect to the box that probed me,
something was listening there...) named SubSeven.

Port 37907/tcp (not listed anywhere I can tell) appears to be used
by something called Optivity (whatever that is - no idea...) probably
running on Win9x, which also probes ports 80/tcp and 161/udp (snmp).
I see probes on these ports mainly in a large LAN that is not reachable
from the Internet, and I know who is doing it...  That person (who
happens to be the admin of that LAN) admits it (it's not IP spoofing),
but doesn't want to tell me anything more - says it's top secret :).

These probes are harmless, but still it would be nice to know more...
If someone here has more information, links to more info about the
above mentioned programs, especially the one using port 37907 -
please let me know.

Thanks, and keep up the good work!
Marek


---------------------------------------------------------------------
For help using this (nmap-dev) mailing list, send a blank email to 
nmap-dev-help () insecure org . List run by ezmlm-idx (www.ezmlm.org).