[61492] in North American Network Operators' Group
Re: port 554 scans?
daemon@ATHENA.MIT.EDU (Joel Jaeggli)
Fri Aug 29 12:26:10 2003
Date: Fri, 29 Aug 2003 09:13:46 -0700 (PDT)
From: Joel Jaeggli <joelja@darkwing.uoregon.edu>
To: "Stephen J. Wilcox" <steve@telecomplete.co.uk>
Cc: nanog@merit.edu
In-Reply-To: <Pine.LNX.4.44.0308291645470.25859-100000@MrServer>
Errors-To: owner-nanog-outgoing@merit.edu
554 is a port associated with rtsp...
There is a real helix server vulnerability that may be associated with
those probes...
http://www.securityfocus.com/archive/75/334900/2003-08-19/2003-08-25/0
yeah:
http://www.k-otik.com/exploits/08.25.THCREALbad.c.php
int main(int argc, char *argv[])
{
unsigned short realport=554;
unsigned int sock,addr,os,rc;
unsigned char *finalbuffer,*osbuf;
struct sockaddr_in mytcp;
struct hostent * hp;
WSADATA wsaData;
joelja
On Fri, 29 Aug 2003, Stephen J. Wilcox wrote:
>
>
> Anyone know what the source of the recent increase in scans of port 554 are?
>
> http://isc.incidents.org/port_details.html?port=554
>
> I cant find any related virus/worms using this?
>
> Maybe its nothing, just some abuse complaints we got from port 554 scanning...
>
> Steve
>
--
--------------------------------------------------------------------------
Joel Jaeggli Unix Consulting joelja@darkwing.uoregon.edu
GPG Key Fingerprint: 5C6E 0104 BAF0 40B0 5BD3 C38B F000 35AB B67F 56B2
