TCP Port 6503

Published: 2007-01-14
Last Updated: 2007-01-15 16:34:17 UTC
by Scott Fendley (Version: 2)
0 comment(s)
We have noticed that earlier today there has been an increase in both sources and targets of port 6503.   The first thing that went through our heads was "What would Jack Bauer do?"   And then we realized, Jack is currently in a Chinese Prison.  Better for us to call on Chloe for help.  

Or we could turn to our readers for packet captures.  So if you are seeing increased traffic to this port, and have packet captures of something other then just SYNs, please submit them to us.


*Note: For those that don't realize, many of the ISC Handlers are big fans of the tv show "24" whose season premiere is Sunday night in the states.  So it is party time for those of us who are fans of the show.

Update:  (2007-01-15 16:30 UTC) Several readers (thanks, Peter and Marcel) have written in to suggest that these packets may be attempts to exploit the CA Brightstor vulnerabilities mentioned below (from Nov 2006).

Reference:
http://www.kb.cert.org/vuls/id/860048
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-5143
Keywords:
0 comment(s)
Diary Archives