tcp 17888
From: David Vestal (dk_vestal_at_seznam.cz)
Date: 10/08/03
- Previous message: Alessandro Volpi: "RE: P2P applications scanning? Trojan? Malicious users?"
- Next in thread: Harlan Carvey: "Re: tcp 17888"
- Reply: Harlan Carvey: "Re: tcp 17888"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: incidents@securityfocus.com Date: 07 Oct 2003 19:56:30 -0500
While monitoring my firewall I noticed a lot of incoming tcp packets to
port 17888. All were dropped, so there has been no damage or intrusion.
I fired up tcpdump and let it catch all the packets for 2 hours and
using ethereal I found 11105 packets from approx. 30 different sources.
All packets had the SYN flag and most of the time there were 3 packets
from the same source port. Many of the source ip's had attempts from
numerous different ports. Google returned information on "netlet" when
queried for "tcp 17888". I am not familiar with netlet, it seems to me
to be some type of rpc.
Since it seems to be rpc my guess is someone looking for another machine
to own. I am on an aDSL connection and after the 2 hours of logging with
tcpdump I shut down the connection and restarted it after 15 minutes and
have so far not had this scanning again.
I was wondering if anyone would know what this might be. If anymore
information is necessary just let me know. Thanks.
---------------------------------------------------------------------------
----------------------------------------------------------------------------
- Previous message: Alessandro Volpi: "RE: P2P applications scanning? Trojan? Malicious users?"
- Next in thread: Harlan Carvey: "Re: tcp 17888"
- Reply: Harlan Carvey: "Re: tcp 17888"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
