
List:       dshield
Subject:    Re: [Dshield] Port 9571/tcp
From:       "Jon R. Kibler" <Jon.Kibler () aset ! com>
Date:       2007-01-17 17:18:05
Message-ID: 45AE5A4D.64133F82 () aset ! com

"Tomas L. Byrnes" wrote:
> 
> Do you have a skype host on your network that is using 9571 as its port?
> It could just be systems trying to connect to it and use it as a
> supernode.

No Skype. 

> 
> Otherwise, 9571 is the Tivoli Netview web server port. Maybe there's a
> vuln for Tivoli we don't know about?

No Tivoli. (If this is a commonly used port by Tivoli, why don't they
register it with IANA?!)

Searched for Netview in CVE and bugtraq, and all I found was a very old
SNMP vuln. Nothing in Google (web or groups) either (except for an ISC
port graph). About a month ago, TippingPoint published a BO vuln in
Tivoli Storage Manager -- maybe there is a backdoor path to that vuln
through Netview? Or worse, 0-day?

What is strangest, all scans are to one IP -- which currently has no
public services (and never has). Don't know about Skype, but a lot of
sources (250+) thinking there was a Skype host there would be somewhat
weird I would think.

Jon
-- 
Jon R. Kibler
Chief Technical Officer
A.S.E.T., Inc.
Charleston, SC  USA
(843) 849-8214



