List: dshield
Subject: Re: [Dshield] Port 9571/tcp
From: "Jon R. Kibler" <Jon.Kibler () aset ! com>
Date: 2007-01-17 17:18:05
Message-ID: 45AE5A4D.64133F82 () aset ! com
"Tomas L. Byrnes" wrote:
>
> Do you have a skype host on your network that is using 9571 as its port?
> It could just be systems trying to connect to it and use it as a
> supernode.
No Skype.
>
> Otherwise, 9571 is the Tivoli Netview web server port. Maybe there's a
> vuln for Tivoli we don't know about?
No Tivoli. (If this is a commonly used port by Tivoli, why don't they register it with IANA?!)
Searched for Netview in CVE and bugtraq, and all I found was a very old SNMP vuln. Nothing in Google (web or groups) either (except for an ISC port graph). About a month ago, TippingPoint published a BO vuln in Tivoli Storage Manager -- maybe there is a backdoor path to that vuln through Netview? Or worse, 0-day?
What is strangest, all scans are to one IP -- which currently has no public services (and never has). Don't know about Skype, but a lot of sources (250+) thinking there was a Skype host there would be somewhat weird I would think.
Jon
--
Jon R. Kibler
Chief Technical Officer
A.S.E.T., Inc.
Charleston, SC USA
(843) 849-8214