Outbound Port scans, ports 3800+

From: Dean Saxe (Dean.Saxe_at_magnetbanking.com)
Date: 08/19/03

  • Next message: Alfred.Diggs_at_STIS.com: "RE: Purging Blaster.worm"
    To: security-basics@securityfocus.com
    Date: Tue, 19 Aug 2003 15:08:22 -0400
    
    

    I have a server which has recently started scanning two IP addresses on
    ports 3800 and higher. I can find no information online regarding any worms
    or any malware which may be causing these port scans to occur. Is anyone
    aware of what may be causing this behavior?

    Thanks in advance for your help.

    -dhs

    Dean H. Saxe
    Senior Software Engineer
    Web Application Security Team Lead
    Magnet Communications
    Dean.Saxe@magnetbanking.com
    404.592.8515

    CONFIDENTIALITY NOTICE:
    This message and any attachment is solely for the use of the individual or
    entity to which this message is addressed and contains information that is
    confidential. If the reader of this message is not the intended recipient,
    you are hereby notified that any review, retransmission, disclosure,
    copying, distribution or the taking of any action in reliance on the
    contents of this communication by persons or entities other than the
    intended recipient is strictly prohibited. If you have received this email
    in error, please contact the sender and delete the material from any
    computer.

    ---------------------------------------------------------------------------
    ----------------------------------------------------------------------------


  • Next message: Alfred.Diggs_at_STIS.com: "RE: Purging Blaster.worm"

    Relevant Pages

    • RE: Outbound Port scans, ports 3800+
      ... >ports 3800 and higher. ... >CONFIDENTIALITY NOTICE: ... If the reader of this message is not the intended recipient, ... send/receive up to 3MB attachments. ...
      (Security-Basics)
    • Re: SQL
      ... That's a hard list to write, but here are some gleaned from the ports ... I'm sure there are more that are not in the ports tree, ... If you are not the intended recipient, ... circulation or other use of this message and any attachments is ...
      (freebsd-questions)
    • RE: Penetration Testing a CheckPoint NG FW on Nokia
      ... CISO, Security and Infrastructure Services ... CONFIDENTIALITY NOTICE: ... Interesting ports on XYZ: ... Opening a browser to TCP 18264 gave an "Internal ...
      (Pen-Test)
    • RE: sorta newb help compiling samba
      ... I thought ports and ... Trying to install krb5 now - couple other users reported same issue I ... "This email is intended to be reviewed by only the intended recipient ... any review, use, dissemination, disclosure or copying of this email ...
      (freebsd-questions)
    • RE: backdoor threat
      ... Anything that involves a "backdoor" ... Subject: backdoor threat ... program listening on those ports to ensure it's properly secured. ... "This email is intended to be reviewed by only the intended recipient ...
      (freebsd-questions)