Re: Port 5552?

From: David Lawson (dlawsonat_private)
Date: Wed Nov 13 2002 - 14:41:10 PST

Next message: Moshe Aelion: "Help - a possible bot"

Previous message: Ryan Yagatich: "Re: 030 ignkeywords igetnet follow up"
In reply to: Tijl Schoonenberg: "Re: Port 5552?"
Next in thread: Robb, Bev: "RE: Port 5552?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

ChiliSoft runs its ASP engine starting at port 3000 (and usually has a 
few listeners about that, on my machine it's listening on 3000, 3001, 
and 3002) and its web based administration interface on 5000 by default. 
    As far as I know, there'd be no reason for ChiliSoft to be listening 
on a port that high, certainly not by default.  I just nmap'd my 
ChiliSoft box and it doesn't show anything listening on that particular 
port, so I think you'll have to look elsewhere for the culprit. :)

--David Lawson

Tijl Schoonenberg wrote:
> Hmm, ok.
> But this database seems to try telling me that all ports in the range from
> 3001 upto 6000 are used for ChilliASP. Of course this is a possibility, but
> it doesn't seem very plausible to me.
> 
> Tijl Schoonenberg
> 
> ----- Original Message -----
> From: "Will Munkara-Kerr" <WillMat_private>
> To: <incidentsat_private>
> Sent: Monday, November 11, 2002 11:51 PM
> Subject: RE: Port 5552?
> 
> 
> 
>>>I've seen several TCP SYN packets for this port on one of the
>>>firewalls
>>>I maintain. Grepping through October's logs, I found a few more on
>>>another firewall.
>>>
>>>What I can't find is what uses this port. A Google search came up with
>>>Mac error codes and phone numbers.
>>>
>>>Anybody know? I'm just curious, and I want to put an entry in my
>>>/etc/services to have a name for it in the log analysis.
>>
>>
> http://www.portsdb.org/bin/portsdb.cgi?portnumber=5552&protocol=ANY&String=
> 
>>ChilliASP
>>Asp module for Apache servers...
>>
>>
>>>Thanks!
>>>Lupe Christoph
>>
>>Hope it helps,
>>.will
>>"This message is intended for the addressee named and may contain
>>confidential information. If you are not the intended recipient, please
>>destroy it and notify the sender. Views expressed in this message are
> 
> those
> 
>>of the individual sender, and are not necessarily the views of the Central
>>Sydney Area Health Service."
>>
>>--------------------------------------------------------------------------
> 
> --
> 
>>This list is provided by the SecurityFocus ARIS analyzer service.
>>For more information on this free incident handling, management
>>and tracking system please see: http://aris.securityfocus.com
>>
> 
> 
> ----------------------------------------------------------------------------
> This list is provided by the SecurityFocus ARIS analyzer service.
> For more information on this free incident handling, management 
> and tracking system please see: http://aris.securityfocus.com


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Next message: Moshe Aelion: "Help - a possible bot"
Previous message: Ryan Yagatich: "Re: 030 ignkeywords igetnet follow up"
In reply to: Tijl Schoonenberg: "Re: Port 5552?"
Next in thread: Robb, Bev: "RE: Port 5552?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Nov 15 2002 - 23:43:17 PST