Hi all, A scan of TCP 552-554 just passed through my class C network. The scanner expressed some interest in one host listening on TCP 554 and so is pretty clearly looking for RTSP servers. As it happens, the responding server is a honeypot running Windows 2003. The scanner didn't seem to send an attack; apparently, it was merely a probe. What might it be looking for on TCP 552-553 and, more particularly, why might a scanner interested in RTSP also scan those ports? The ports are registered for use by deviceshare and PIRP (Public Information Retrieval Protocol). But, I don't suspect that the scanner is interested in those services, since they don't seem to be associated with RTSP. Could the scanner simply be comparing the response for port 554 with those for the other ports, in order to assess possible firewall rules? Thanks for your thoughts! --------------------------------------------------- Bill McCarty --------------------------------------------------------------------------- ----------------------------------------------------------------------------
This archive was generated by hypermail 2b30 : Thu Jul 24 2003 - 11:25:51 PDT