RE: tcp/554 scans

From: Manuel Fernandes (manuelfat_private)
Date: Wed May 14 2003 - 18:39:38 PDT

Next message: meowbaby: "re: DNS poisoning to Korean address"

Previous message: Mark Ng: "RE: BIND Crash"
In reply to: Maciej Bogucki: "Re: tcp/554 scans"
Next in thread: Kevin Patz: "Re: tcp/554 scans"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

My thoughts: something interesting I found was that Microsoft's Media Server
9 supposedly runs on Cougar/9.00.00.3352 --- not confirmed yet. However,
that server had some old vulnerabilities which might still be accessible.
Perhaps users are trying to use RTSP to create havoc or snoop around if you
have some kind of streaming going on.

Off topic:
I did a port 80 walk and found out some old stuff 
http://x.x.x.x/%3CSCRIPT%3Ealert%28document%3EURL%29%3C/SCRIPT%3E/
http://x.x.x.x/.ns4/../winnt/win.ini
http://x.x.x.x/.HTACCESS.

--> Manuel

-----Original Message-----
From: Maciej Bogucki [mailto:maciej.boguckiat_private] 
Sent: Wednesday, May 14, 2003 4:57 AM
To: Aaron Cheek; incidentsat_private

> I received a sequential tcp/554 scan of one of my
> Class Cs.
Me too.

> 
> AFAIK tcp/554 is rtsp (Real Time Streaming Protocol).
> Any known vulns in rtsp? Any other known guys sleeping
> on that port? Anyone seeing this?

See:
http://www.securityfocus.org/bid/7020
http://www.hack.co.za/download.php?file=586

Best Regards
Maciej Bogucki


----------------------------------------------------------------------------
*** Wireless LAN Policies for Security & Management - NEW White Paper ***
Just like wired networks, wireless LANs require network security policies 
that are enforced to protect WLANs from known vulnerabilities and threats. 
Learn to design, implement and enforce WLAN security policies to lockdown
enterprise WLANs.

To get your FREE white paper visit us at:    
http://www.securityfocus.com/AirDefense-incidents
----------------------------------------------------------------------------


----------------------------------------------------------------------------
*** Wireless LAN Policies for Security & Management - NEW White Paper ***
Just like wired networks, wireless LANs require network security policies 
that are enforced to protect WLANs from known vulnerabilities and threats. 
Learn to design, implement and enforce WLAN security policies to lockdown enterprise WLANs.

To get your FREE white paper visit us at:    
http://www.securityfocus.com/AirDefense-incidents
----------------------------------------------------------------------------

Next message: meowbaby: "re: DNS poisoning to Korean address"
Previous message: Mark Ng: "RE: BIND Crash"
In reply to: Maciej Bogucki: "Re: tcp/554 scans"
Next in thread: Kevin Patz: "Re: tcp/554 scans"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri May 16 2003 - 00:47:13 PDT