Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: Port 4899 (tcp/udp) Attack Activity Port 4899 (tcp/udp) Attack Activity


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Loading...
[get complete service list]
Port Information
Protocol Service Name
tcp radmin Remote Administrator default port
Top IPs Scanning
TodayYesterday
183.16.102.141 (39)42.51.191.172 (123)
183.16.103.89 (38)113.118.162.183 (59)
85.132.24.75 (23)116.24.91.109 (52)
27.151.115.81 (22)27.151.115.81 (51)
113.118.162.183 (21)217.168.75.75 (50)
116.24.91.108 (16)183.13.20.211 (43)
183.13.20.211 (14)183.16.101.25 (41)
116.24.91.109 (13)116.24.91.108 (38)
217.168.75.75 (13)183.16.102.141 (36)
195.162.48.75 (12)183.16.103.33 (35)
Port diary mentions
URL
Law, spam, and 4899tcp
A day in the life of a firewall log
TCP scanning increase for 4899
User Comments
Submitted By Date
Comment
Timo Steffens 2009-10-04 18:34:16
On the following forum there is a post (#13) describing how to determine whether a packet was really intended for radmin (static identification data) : http://www.governmentsecurity.org/forum/index.php?showtopic=7866
2004-10-28 05:52:28
http://www.pestpatrol.com/PestInfo/r/remote_administrator__rat_.asp
Ronaldo Vasconcellos 2004-08-23 22:42:38
More info on 4899 TCP on: [VulnWatch] SECNAP Security Alert: Radmin Default install options vulnerability http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0099.html As stated just above, there´s a known vulnerability related to this service (radmin). The intent of this post is just to provide you with more info about this vuln.
Paulo Sedrez 2004-07-23 04:58:32
There is a known remote exploitable vulnerability in radmin server versions 2.0 and 2.1 that allows code execution.
Add a comment
CVE Links
CVE # Description