
List:       dshield
Subject:    Re: [Dshield] 4051/tcp
From:       "David Taylor" <ltr () isc ! upenn ! edu>
Date:       2005-06-27 10:59:46
Message-ID: 00f001c57b07$54bbd2b0$654b5b82 () shakuhachi

I am not seeing any port 4051 traffic here.  SANS isn't showing any
significant traffic for this port.

http://isc.sans.org/port_details.php?port=4051




==================================================
David Taylor //Sr. Information Security Specialist
University of Pennsylvania Information Security 
Philadelphia PA USA
LTR@ISC.UPENN.EDU               (215) 898-1236
http://www.upenn.edu/computing/security/
================================================== 

SANS - The Twenty Most Critical Internet Security Vulnerabilities 
http://www.sans.org/top20/

SANS - Internet Storm Center
http://isc.sans.org


-----Original Message-----
From: list-bounces@lists.dshield.org [mailto:list-bounces@lists.dshield.org]
On Behalf Of jayjwa
Sent: Monday, June 27, 2005 6:44 AM
To: Dshield Mail List
Subject: [Dshield] 4051/tcp



I've been seeing a lot of SYN packets to port 4051 lately. In fact, other 
than Qwest's on-going virus barrage (since June 7th) on 25 and the 
usual 445 stuff, it's the number one port getting attention in the 
firewall logs. The source ports are mid-high range and vary. A few (2-3) 
of the hosts I recognise. Sorted & uniq'ed, here's last night's hosts:

Of those, some had their 4051 filtered, some closed, and one was open. The 
open one wouldn't return any traffic when connected to. There didn't seem 
to be much on Google about it, just a few things about broken ftp 
connections which I doubt this is. Also a few mentions of a chat system 
I've never heard of. Has anyone seen activity on this port and might 
know what is going to & fro?


-- 
Confidentiality Notice: This email may contain confidential
and privileged information. If in the event that it does,
please send it back to me with a reply telling me how
stupid I am for sending confidential info to a public forum.

_______________________________________________
send all posts to list@lists.dshield.org
To change your subscription options (or unsubscribe), see:
http://www.dshield.org/mailman/listinfo/list


