RE: Port 554 - Quicktime scans, what's up

From: James C. Slora, Jr. (Jim.Slora_at_phra.com)
Date: 08/29/03

  • Next message: Gerardo Richarte: "Re: Port 554 - Quicktime scans, what's up"
    Date: Fri, 29 Aug 2003 13:00:53 -0400
    To: "Mike Shelby" <Mike.Shelby@noaa.gov>, <incidents@securityfocus.com>
    
    

    Mike Shelby wrote Friday, August 29, 2003 6:33 AM
    > Is anyone seeing scans on port 554 for Quicktime streaming
    > and/or does anyone know if there is a Qtime streaming
    > vulnerability being probed? Here is an example scan:
    >
    > UTC 2003/08/29 00:59:02.368 - TCP connection dropped
    > - Source:4.47.216.107, 1905, WAN -
    > Destination:192.168.168.200, 554, LAN - 'Quicktime' - Rule 16

    These probes appear to be everywhere. I am getting them too. From what
    I'm told, they are root exploits on RealServer (all versions). See Brian
    Collins' post "compromised Real Server 8".

    ---------------------------------------------------------------------------
    Attend Black Hat Briefings & Training Federal, September 29-30 (Training),
    October 1-2 (Briefings) in Tysons Corner, VA; the world's premier
    technical IT security event. Modeled after the famous Black Hat event in
    Las Vegas! 6 tracks, 12 training sessions, top speakers and sponsors.
    Symantec is the Diamond sponsor. Early-bird registration ends September 6.Visit us: www.blackhat.com
    ----------------------------------------------------------------------------


  • Next message: Gerardo Richarte: "Re: Port 554 - Quicktime scans, what's up"

    Relevant Pages

    • Re: Can anyone identify this possible backdoor?
      ... Attend Black Hat Briefings & Training Federal, September 29-30, ... Modeled after the famous Black Hat event in ... Symantec is the Diamond sponsor. ...
      (Incidents)
    • RE: Re: Hunting for Mr Badmouth
      ... Attend Black Hat Briefings & Training Federal, ... Modeled after the famous Black Hat event ... Symantec is the Diamond sponsor. ... Attend Black Hat Briefings & Training Federal, September 29-30, ...
      (Security-Basics)
    • RE: Windows XP Pro cracker?
      ... Attend Black Hat Briefings & Training Federal, ... Modeled after the famous Black Hat event ... Symantec is the Diamond sponsor. ...
      (Security-Basics)
    • RE: Windows XP Pro cracker?
      ... Attend Black Hat Briefings & Training Federal, September 29-30, ... Modeled after the famous Black Hat event in ... Symantec is the Diamond sponsor. ...
      (Security-Basics)
    • RE: Windows XP Pro cracker?
      ... Attend Black Hat Briefings & Training Federal, September 29-30, ... Modeled after the famous Black Hat event in Las Vegas! ... Symantec is the Diamond sponsor. ...
      (Security-Basics)