RE: looking for what? portscan 15000/tcp

From: Cushing, David (david.cushingat_private)
Date: Fri Aug 23 2002 - 10:46:40 PDT

  • Next message: Kurt Seifried: "Re: BAD TRAFFIC 0 ttl"

    > Aug 23 07:34:02 router 548124: Aug 23 07:37:06 MEST: 
    > %SEC-6-IPACCESSLOGP: list 103 denied tcp 
    > -> xx.xx.1.1(15000), 1 packet
    Port 15000 is used as a default for Borland/Visibroker's Gatekeeper product.  It allows CORBA applications to multiplex through a single firewall port.  
    Since your curious visitor used port 15000 as a source and a destination, it looks as though they might have been trying to bypass restrictions by using a port that might be let through.  80 would be a better choice, though.  Who runs Gatekeeper, anyway? <g>
    On your question about hosts scanned:  Can you see any relation between the numbers scanned and your actual network?  i.e. did they have some pre-knowledge of what to poke for?
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see:

    This archive was generated by hypermail 2b30 : Fri Aug 23 2002 - 12:54:59 PDT