Loading...
[get complete service list]
Top of page
Top of page
Port Information
Protocol Service Name
tcp n1-rmgmt N1-RMGMT
udp n1-rmgmt N1-RMGMT
Top IPs Scanning
Today Yesterday
109.205.213.113 (13)109.205.213.113 (19)
199.45.154.48 (6)64.39.106.74 (8)
165.154.231.4 (5)113.249.159.56 (7)
64.39.106.75 (4)106.75.129.136 (5)
45.142.182.75 (4)165.154.225.196 (5)
199.45.155.21 (3)199.45.154.23 (5)
199.45.155.23 (3)79.110.62.66 (5)
165.154.254.54 (2)167.94.145.55 (5)
113.249.159.56 (2)165.154.226.2 (4)
165.154.225.196 (2)165.154.231.4 (4)
User Comments
Submitted By Date
Comment
Fred de Jong 2004-06-21 17:07:53
TCP port 4447 was used by "n1-rmgmt", the CyberwallPLUS firewall remote management. That Network-1 Security Solutions, Inc. (network-1.com) product appears to be dead since the end of 2002: http://biz.yahoo.com/e/040517/nssi.pk10qsb.html I saw the port (re)used in an attack that floods the Upstream of a CableTV Network link @Home.nl using (handcrafted ?) Multicast Ethernet frames. Such frames were repeatedly sent for at least 15 minutes. Intensity: ca. 18 frames/sec, ca. 12 KByte/sec ~ subscriber Upload capacity. Most header fields are constant. The only variable fields were: eth.src (all valid ManufacturerCodes MACs), ip.ttl (2...110), ip.hdrchksum. Repeating Packet: TCP [ACK] Seq=[3a 3f 07 9e] Ack=0 Win=17124 NextSeq=1460 Spoofed MAC Sources. Multicast MAC destination (01:00:5e: followed by the last 3 bytes of the default ISP gateway IP-address). Carries 1460 byte payload. I do not know which viral bot (if any) produces this. It does eat a lot of Upstream bandwidth on a public cableTV network.
Top of page
CVE Links
CVE # Description
Top of page