Who is looking for port 2036?

From: Joakim Berge (joakim.berge_at_gmail.com)
Date: 10/25/05

    Date: Tue, 25 Oct 2005 13:24:37 +0200
    To: incidents@securityfocus.com
    
    

    I observe many scans for port 2036 and 80.
    Why 80 shows up, I don't know, but port 2036 is used by Novell's RConJ.
    The scan seems to be from a large botnet, across the world. They have
    only targeted one IP, and it doesn't respond to those ports.

    I can't find any info on this on the net.
    Is it the tryout of a new worm? Anyone seen any of this activity?

    Some info from NFR.

    Time: 24-Oct-2005 13:33:01
    NFR: sensor
    Source: 172.216.191.56
    Source Port: 3382
    Target: xx.xx.xx.xx
    Target Port: 2036
    Proto: tcp
    Tag:
    Tagvalue: s

    Time: 24-Oct-2005 13:27:47
    NFR: sensor
    Source: 81.14.183.21
    Source Port: 1282
    Target: xx.xx.xx.xx
    Target Port: 2036
    Proto: tcp
    Tag:
    Tagvalue: s

    Time: 24-Oct-2005 13:21:31
    NFR: sensor
    Source: 129.67.19.253
    Source Port: 57118
    Target: xx.xx.xx.xx
    Target Port: 2036
    Proto: tcp
    Tag:
    Tagvalue: s

    --
    Joakim Berge
    Tlf. +47 93489696
    MSN. joakim.berge@gmail.com
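
An added example, not part of the original post: a small parser for the "Key: value" record layout shown above that groups records by target, port and protocol and reports services probed by several distinct sources. The sample records are constructed (documentation address ranges), and the function names and the `min_sources` threshold are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in the record layout from the post; the source
# addresses are documentation ranges, not those in the original message.
TEMPLATE = ("Time: 24-Oct-2005 13:{m}:00\nNFR: sensor\nSource: {src}\n"
            "Source Port: {sp}\nTarget: xx.xx.xx.xx\nTarget Port: {dp}\n"
            "Proto: tcp\nTag:\nTagvalue: s\n")
ROWS = [(33, "192.0.2.10", 3382, 2036), (27, "198.51.100.7", 1282, 2036),
        (21, "203.0.113.99", 57118, 2036), (20, "192.0.2.10", 3390, 2036),
        (19, "198.51.100.7", 1300, 80)]
SAMPLE = "\n".join(TEMPLATE.format(m=m, src=s, sp=sp, dp=dp)
                   for m, s, sp, dp in ROWS)

def parse_records(text):
    """Split blank-line separated 'Key: value' blocks into dicts."""
    records = []
    for block in re.split(r"\n\s*\n", text.strip()):
        rec = {}
        for line in block.splitlines():
            # Split on the first colon only, so the time value stays whole.
            key, sep, value = line.partition(":")
            if sep:
                rec[key.strip()] = value.strip()
        if rec:
            records.append(rec)
    return records

def distributed_scans(records, min_sources=3):
    """Map (target, port, proto) to its sorted distinct sources when at
    least min_sources different addresses probed that service."""
    seen = defaultdict(set)
    for r in records:
        try:
            key = (r["Target"], int(r["Target Port"]), r["Proto"])
            seen[key].add(r["Source"])
        except (KeyError, ValueError):
            continue  # skip incomplete or malformed records
    return {k: sorted(v) for k, v in seen.items() if len(v) >= min_sources}

if __name__ == "__main__":
    for (target, port, proto), sources in distributed_scans(
            parse_records(SAMPLE)).items():
        print(f"{target} {proto}/{port}: {len(sources)} distinct sources")
```

Counting distinct sources rather than raw records keeps one noisy host from looking like a distributed scan.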
    
