Port 6635

From: Craig, Scott (SCraigat_private)
Date: Fri Sep 21 2001 - 05:27:09 PDT

    We received a very fast scan (probe) for port 6635 last night. I did a
    search through the messages on the incidents.org mailing list and didn't see
    any conclusive findings as to the tools being used or the purpose. Does
    anyone have any further information on this yet?
    
    The probe occurred on 9/20/01 at 22:16 Eastern time, all within the same
    minute, lasting only 2 seconds.
    
    Source IP      Source Port  Destination IPs     Dest. Port  Protocol
    -------------  -----------  ------------------  ----------  --------
    216.89.160.33  6635         MYIP.xxx.xxx.1-254  6635        TCP
    
    
    Sorry, but I don't have a copy of the raw packet for display to determine
    any of the flags being used.
    
    --
    
    DNS lookup done this morning came back to:
    flare-raq1.flarenetworks.com
    
    
    SAVVIS Communications (NETBLK-SAVVIS7) SAVVIS7   216.88.0.0 - 216.91.255.255
    Flare Interactive (NETBLK-SAVV-FLAREINTER2) SAVV-FLAREINTER2   216.89.160.0 - 216.89.161.255
    
    
    Server used for this query: [ whois.arin.net ]
    
       Flare Interactive (NETBLK-SAVV-FLAREINTER2)
       233 Linden Street
       Fort Collins, CO 80524
       US
    
       Netname: SAVV-FLAREINTER2
       Netblock: 216.89.160.0 - 216.89.161.255
       Maintainer: FLAR
    
       Coordinator:
          MacDonald, Kyle  (KM372-ARIN)  kylemacat_private
          970-470-3300
    
       Record last updated on 10-Apr-2000.
       Database last updated on 20-Sep-2001 23:16:45 EDT.
    
    ==========
    
    Server used for this query: [ whois.arin.net ]
    
       SAVVIS Communications (NETBLK-SAVVIS7)
       717 Office Parkway
       Creve Coeur, MO 63141
       US
    
       Netname: SAVVIS7
       Netblock: 216.88.0.0 - 216.91.255.255
       Maintainer: SAVV
    
       Coordinator:
          SAVVIS A Bridge Company  (ZS36-ARIN)  ipadminat_private
          314-468-7000
    
       Domain System inverse mapping provided by:
    
       NS1.SAVVIS.NET		209.16.211.42
       NS2.SAVVIS.NET		204.194.10.206
    
       ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE
    
       Record last updated on 10-Mar-2000.
       Database last updated on 20-Sep-2001 23:16:45 EDT.
    
    
    Scott
    
    
    
    
    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see: http://aris.securityfocus.com
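
The probe reported above (one source reaching every address in a /24 on a single port within about two seconds, with identical source and destination ports) is the pattern a horizontal-scan detector looks for. The following is an added example, not part of the original message: it runs over constructed connection records that use documentation addresses, and the window and threshold values are assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

def detect_sweeps(records, window=timedelta(seconds=5), min_hosts=50):
    """Flag (source IP, destination port) pairs that reach at least
    min_hosts distinct destinations inside one sliding time window.
    records: iterable of (time, src_ip, src_port, dst_ip, dst_port)."""
    recent = defaultdict(deque)  # (src, dport) -> (time, dst, sport) in window
    alerts = {}
    for ts, src, sport, dst, dport in sorted(records):
        key = (src, dport)
        q = recent[key]
        q.append((ts, dst, sport))
        while ts - q[0][0] > window:  # evict entries older than the window
            q.popleft()
        hosts = {d for _, d, _ in q}
        if len(hosts) >= min_hosts:
            a = alerts.setdefault(key, {"first_seen": q[0][0],
                                        "hosts": set(), "source_ports": set()})
            a["hosts"] |= hosts
            a["source_ports"] |= {p for _, _, p in q}
            a["last_seen"] = ts
    return alerts

def build_sample():
    """Constructed records: one fast sweep of 192.0.2.1-254 on TCP 6635
    from a fixed source port, plus a few ordinary web connections."""
    t0 = datetime(2001, 9, 20, 22, 16, 0)
    scan = [(t0 + timedelta(milliseconds=8 * i), "198.51.100.7", 6635,
             f"192.0.2.{i}", 6635) for i in range(1, 255)]
    normal = [(t0 + timedelta(seconds=20 * i), "203.0.113.10", 40000 + i,
               f"192.0.2.{10 + i}", 80) for i in range(3)]
    return scan + normal

if __name__ == "__main__":
    for (src, dport), a in detect_sweeps(build_sample()).items():
        secs = (a["last_seen"] - a["first_seen"]).total_seconds()
        # A single source port across the whole sweep suggests crafted packets
        # rather than ordinary client connections using ephemeral ports.
        fixed = len(a["source_ports"]) == 1
        print(f"{src} -> port {dport}: {len(a['hosts'])} hosts in {secs:.1f}s, "
              f"fixed source port: {fixed}")
```
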
    


