Handler on Duty: Rob VandenBrink
Threat Level: green
URL |
---|
Oracle Application Server Web Cache Vulnerabilities; Port 65506 |
Port 559 and 65506 |
Submitted By | Date |
---|---|
Comment | |
Dave D | 2004-06-21 17:08:06 |
I downloaded a spam client (Stealth Mail Master 4.2) that brags it has "5000-100000 fresh proxies daily" and ran Nessus at it, found that it connects outbound via a fairly random port but expects to find a connection at port 65,506 on its target hosts. Connects in the clear. More analysis could reveal more. | |
John Sage | 2004-03-19 06:41:16 |
TCP:65506 has just gone through the roof in the last day (03/18/04) or two. Typical payload is an attempt to connect to TCP:25 somewhere...

```
input: snort.log.1079626835
filter: ip and ( dst port 65506 )
match: CONNECT
###
T 2004/03/18 08:20:48.194911 207.36.209.104:1184 -> 24.19.147.xxx:65506 [AP]
  43 4f 4e 4e 45 43 54 20 32 31 32 2e 31 35 35 2e    CONNECT 212.155.
  32 30 37 2e 31 3a 32 35 20 48 54 54 50 2f 31 2e    207.1:25 HTTP/1.
  30 0d 0a 0d 0a                                     0....
######
T 2004/03/18 08:21:07.953162 207.36.209.104:2588 -> 24.19.147.xxx:65506 [AP]
  43 4f 4e 4e 45 43 54 20 32 34 2e 31 31 36 2e 31    CONNECT 24.116.1
  31 34 2e 34 3a 32 35 20 48 54 54 50 2f 31 2e 30    14.4:25 HTTP/1.0
  0d 0a 0d 0a                                        ....
#####
T 2004/03/18 08:24:41.878823 207.36.209.104:1534 -> 24.19.147.xxx:65506 [AP]
  43 4f 4e 4e 45 43 54 20 31 39 39 2e 39 36 2e 33    CONNECT 199.96.3
  2e 35 3a 32 35 20 48 54 54 50 2f 31 2e 30 0d 0a    .5:25 HTTP/1.0..
  0d 0a                                              ..
#####
T 2004/03/18 08:24:51.624856 207.36.209.104:2038 -> 24.19.147.xxx:65506 [AP]
  43 4f 4e 4e 45 43 54 20 32 31 36 2e 31 35 37 2e    CONNECT 216.157.
  31 36 2e 31 35 3a 32 35 20 48 54 54 50 2f 31 2e    16.15:25 HTTP/1.
  30 0d 0a 0d 0a                                     0....
####
```
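The traffic pattern reported in the comments above (HTTP CONNECT requests arriving on TCP 65506 that ask for a tunnel to port 25) can be counted per source with a short payload check. This is an added example, not part of the original page or its comments; the function names and the `PROXY_PORTS`/`SMTP_PORTS` sets are hypothetical, and the sample packets are constructed with documentation addresses.

```python
import re
from collections import Counter

# Request line of an HTTP CONNECT: "CONNECT host:port HTTP/1.0\r\n"
CONNECT_RE = re.compile(
    rb"^CONNECT\s+(\[[0-9A-Fa-f:]+\]|[^\s:]+):(\d{1,5})\s+HTTP/\d\.\d\r?\n"
)

PROXY_PORTS = {65506}  # listener port named in the comments (assumed watch list)
SMTP_PORTS = {25}      # tunnel targets that indicate mail relaying


def parse_connect(payload: bytes):
    """Return (host, port) from a CONNECT request line, or None if it is not one."""
    m = CONNECT_RE.match(payload)
    if not m:
        return None
    port = int(m.group(2))
    if not 0 < port <= 65535:  # reject out-of-range ports such as 99999
        return None
    return m.group(1).decode("ascii", "replace").strip("[]"), port


def flag_smtp_tunnels(packets):
    """packets: iterable of (src_ip, dst_ip, dst_port, payload_bytes).
    Counts, per (src, dst), CONNECT-to-SMTP requests sent to a watched port."""
    hits = Counter()
    for src, dst, dport, payload in packets:
        if dport not in PROXY_PORTS:
            continue
        target = parse_connect(payload)
        if target and target[1] in SMTP_PORTS:
            hits[(src, dst)] += 1
    return hits


# Constructed sample traffic (RFC 5737 documentation ranges, not from the page).
SAMPLE = [
    ("198.51.100.7", "192.0.2.10", 65506, b"CONNECT 203.0.113.5:25 HTTP/1.0\r\n\r\n"),
    ("198.51.100.7", "192.0.2.10", 65506, b"CONNECT 203.0.113.9:25 HTTP/1.0\r\n\r\n"),
    ("198.51.100.7", "192.0.2.10", 65506, b"CONNECT 203.0.113.5:443 HTTP/1.0\r\n\r\n"),
    ("198.51.100.8", "192.0.2.10", 8080, b"CONNECT 203.0.113.5:25 HTTP/1.0\r\n\r\n"),
    ("198.51.100.9", "192.0.2.10", 65506, b"GET / HTTP/1.0\r\n\r\n"),
    ("198.51.100.9", "192.0.2.10", 65506, b"CONNECT 203.0.113.5:25"),  # truncated
]

if __name__ == "__main__":
    for (src, dst), n in flag_smtp_tunnels(SAMPLE).items():
        print(f"{src} -> {dst}: {n} CONNECT-to-SMTP request(s)")
```

A repeated count from one source against a host that is not meant to run a proxy is the signal to investigate that host.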
CVE # | Description |
---|