Network Security: Detailed info on Who is looking for port 2036?

Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.

Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.

Network Security Incidents

[Top] [All Lists]

Who is looking for port 2036?

from [Joakim Berge] Network Security

[Permanent Link]

Subject:	Who is looking for port 2036?
Date:	Tue, 25 Oct 2005 13:24:37 +0200

I observe many scans for port 2036  and 80.Why 80 shows up, i don't know. but 
port 2036 are being used by Novell's RConJ.The scan seems to be from a large 
botnet, across the world.  They haveonly targeted one ip, and it doesn't 
respond to those ports.
I cant find any info on this on the net.Is it the tryout of a new worm? Anyone 
seen any of this activity?

Some info from NFR.

Time:               24-Oct-2005 13:33:01NFR:                sensorSource:       
      172.216.191.56Source Port:        3382Target:             
xx.xx.xx.xxTarget Port:        2036Proto:              tcpTag:Tagvalue:         
  s
Time:               24-Oct-2005 13:27:47NFR:                sensorSource:       
      81.14.183.21Source Port:        1282Target:             xx.xx.xx.xxTarget 
Port:        2036Proto:              tcpTag:Tagvalue:           s
Time:               24-Oct-2005 13:21:31NFR:                sensorSource:       
      129.67.19.253Source Port:        57118Target:             
xx.xx.xx.xxTarget Port:        2036Proto:              tcpTag:Tagvalue:         
  s

--Joakim BergeTlf. +47 93489696MSN. joakim.berge@gmail.com

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
Who is looking for port 2036?, Joakim Berge <= Re: Who is looking for port 2036?, Tillmann Werner Re: Who is looking for port 2036?, Joakim Berge Re: Who is looking for port 2036?, mis Re: Who is looking for port 2036?, Justin

Previous by Date:	Re: SSH bruteforce on its way..., Michael . Lang
Next by Date:	Re: SSH bruteforce on its way..., Russell Fulton
Previous by Thread:	Memorias Conferencia Internacional sobre Seguridad Informática, Oscar Eduardo Ruiz Bermúdez
Next by Thread:	Re: Who is looking for port 2036?, Tillmann Werner
Indexes:	[Date] [Thread] [Top] [All Lists]