RE: tcp/554 scans

From: Manuel Fernandes (manuelf_at_hotmail.com)
Date: 05/15/03

  • Next message: Andrew Simmons: "Re: UDP/137 scans -- new worm?"
    To: "'Maciej Bogucki'" <maciej.bogucki@artegence.com>, "'Aaron Cheek'" <aaron_cheek@yahoo.com>, <incidents@securityfocus.com>
    Date: Wed, 14 May 2003 18:39:38 -0700
    
    

    My thoughts: something interesting I found was that Microsoft's Media Server
    9 supposedly runs on Cougar/9.00.00.3352 --- not confirmed yet. However,
    that server had some old vulnerabilities which might still be accessible.
    Perhaps users are trying to use RTSP to create havoc or snoop around if you
    have some kind of streaming going on.

    Off topic:
    I did a port 80 walk and found out some old stuff
    http://x.x.x.x/%3CSCRIPT%3Ealert%28document%3EURL%29%3C/SCRIPT%3E/
    http://x.x.x.x/.ns4/../winnt/win.ini
    http://x.x.x.x/.HTACCESS.

    --> Manuel

    -----Original Message-----
    From: Maciej Bogucki [mailto:maciej.bogucki@artegence.com]
    Sent: Wednesday, May 14, 2003 4:57 AM
    To: Aaron Cheek; incidents@securityfocus.com

    > I received a sequential tcp/554 scan of one of my
    > Class Cs.
    Me too.

    >
    > AFAIK tcp/554 is rtsp (Real Time Streaming Protocol).
    > Any known vulns in rtsp? Any other known guys sleeping
    > on that port? Anyone seeing this?

    See:
    http://www.securityfocus.org/bid/7020
    http://www.hack.co.za/download.php?file=586

    Best Regards
    Maciej Bogucki

    ----------------------------------------------------------------------------
    *** Wireless LAN Policies for Security & Management - NEW White Paper ***
    Just like wired networks, wireless LANs require network security policies
    that are enforced to protect WLANs from known vulnerabilities and threats.
    Learn to design, implement and enforce WLAN security policies to lockdown
    enterprise WLANs.

    To get your FREE white paper visit us at:
    http://www.securityfocus.com/AirDefense-incidents
    ----------------------------------------------------------------------------

    ----------------------------------------------------------------------------
    *** Wireless LAN Policies for Security & Management - NEW White Paper ***
    Just like wired networks, wireless LANs require network security policies
    that are enforced to protect WLANs from known vulnerabilities and threats.
    Learn to design, implement and enforce WLAN security policies to lockdown enterprise WLANs.

    To get your FREE white paper visit us at:
    http://www.securityfocus.com/AirDefense-incidents
    ----------------------------------------------------------------------------


  • Next message: Andrew Simmons: "Re: UDP/137 scans -- new worm?"