Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: Port 65506 (tcp/udp) Attack Activity


Port Information
Protocol Service Name
tcp phatbot-ssl Phatbot SSL Proxy
tcp ISS Scanner Admin Remote Mngmt ISS Internet Scanner by Site Protector
Top IPs Scanning
Port diary mentions
URL
Oracle Application Server Web Cache Vulnerabilities; Port 65506
Port 559 and 65506
User Comments
Submitted By Date
Comment
Dave D 2004-06-21 17:08:06
I downloaded a spam client (Stealth Mail Master 4.2) that brags it has "5000-100000 fresh proxies daily" and ran Nessus at it, and found that it connects outbound via a fairly random port but expects to find a connection at port 65,506 on its target hosts. Connects in the clear. More analysis could reveal more.
John Sage 2004-03-19 06:41:16
TCP:65506 has just gone through the roof in the last day (03/18/04) or two. Typical payload is an attempt to connect to TCP:25 somewhere...

input: snort.log.1079626835
filter: ip and ( dst port 65506 )
match: CONNECT
###
T 2004/03/18 08:20:48.194911 207.36.209.104:1184 -> 24.19.147.xxx:65506 [AP]
  43 4f 4e 4e 45 43 54 20 32 31 32 2e 31 35 35 2e    CONNECT 212.155.
  32 30 37 2e 31 3a 32 35 20 48 54 54 50 2f 31 2e    207.1:25 HTTP/1.
  30 0d 0a 0d 0a                                     0....
######
T 2004/03/18 08:21:07.953162 207.36.209.104:2588 -> 24.19.147.xxx:65506 [AP]
  43 4f 4e 4e 45 43 54 20 32 34 2e 31 31 36 2e 31    CONNECT 24.116.1
  31 34 2e 34 3a 32 35 20 48 54 54 50 2f 31 2e 30    14.4:25 HTTP/1.0
  0d 0a 0d 0a                                        ....
#####
T 2004/03/18 08:24:41.878823 207.36.209.104:1534 -> 24.19.147.xxx:65506 [AP]
  43 4f 4e 4e 45 43 54 20 31 39 39 2e 39 36 2e 33    CONNECT 199.96.3
  2e 35 3a 32 35 20 48 54 54 50 2f 31 2e 30 0d 0a    .5:25 HTTP/1.0..
  0d 0a                                              ..
#####
T 2004/03/18 08:24:51.624856 207.36.209.104:2038 -> 24.19.147.xxx:65506 [AP]
  43 4f 4e 4e 45 43 54 20 32 31 36 2e 31 35 37 2e    CONNECT 216.157.
  31 36 2e 31 35 3a 32 35 20 48 54 54 50 2f 31 2e    16.15:25 HTTP/1.
  30 0d 0a 0d 0a                                     0....
####
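
Added example, not written by either commenter or by SANS ISC: detection logic that rebuilds each packet's payload from a hex dump laid out like the capture above and flags HTTP CONNECT requests aimed at TCP/25 through port 65506. The dump-layout patterns, the function names and the sample capture (documentation address ranges) are assumptions constructed for illustration.

```python
import re

# Assumed dump layout (as in the capture above): "T date time src:port -> dst:port [flags]"
# header, then lines of up to 16 space-separated hex bytes, 3+ spaces, ASCII column.
HEADER = re.compile(r"^T \S+ \S+ (\S+):(\d+) -> (\S+):(\d+) \[\w+\]$")
HEX_RUN = re.compile(r"(?:[0-9a-fA-F]{2} ?)+")
CONNECT = re.compile(rb"^CONNECT ([\w.-]+):(\d+) HTTP/\d\.\d\r\n")
SMTP_PORT = 25

# Constructed sample (documentation address ranges), not data from the page.
SAMPLE = """\
T 2004/03/18 08:20:48.000001 203.0.113.10:1184 -> 198.51.100.20:65506 [AP]
  43 4f 4e 4e 45 43 54 20 31 39 32 2e 30 2e 32 2e    CONNECT 192.0.2.
  32 35 3a 32 35 20 48 54 54 50 2f 31 2e 30 0d 0a    25:25 HTTP/1.0..
  0d 0a                                              ..
##
T 2004/03/18 08:21:07.000002 203.0.113.11:2588 -> 198.51.100.20:65506 [AP]
  43 4f 4e 4e 45 43 54 20 31 39 38 2e 35 31 2e 31    CONNECT 198.51.1
  30 30 2e 37 3a 34 34 33 20 48 54 54 50 2f 31 2e    00.7:443 HTTP/1.
  30 0d 0a 0d 0a                                     0....
"""

def parse_records(text):
    """Yield (src, dst, dport, payload) per packet, rebuilding bytes from the hex column."""
    rec = None
    for raw in text.splitlines():
        line = raw.strip()
        head = HEADER.match(line)
        if head:
            if rec:
                yield tuple(rec)
            rec = [head.group(1), head.group(3), int(head.group(4)), b""]
            continue
        hex_col = re.split(r" {3,}", line, maxsplit=1)[0]  # drop the ASCII column
        if rec and HEX_RUN.fullmatch(hex_col):
            rec[3] += bytes.fromhex(hex_col)
    if rec:
        yield tuple(rec)

def smtp_relay_attempts(text, watched_port=65506):
    """Return (src, proxy, target) for CONNECT requests aimed at TCP/25 via watched_port."""
    hits = []
    for src, dst, dport, payload in parse_records(text):
        m = CONNECT.match(payload)
        if m and dport == watched_port and int(m.group(2)) == SMTP_PORT:
            hits.append((src, f"{dst}:{dport}", f"{m.group(1).decode()}:{SMTP_PORT}"))
    return hits

print(smtp_relay_attempts(SAMPLE))
```

Matching on the reassembled bytes rather than the ASCII column matters because a request line that wraps across dump rows, such as the target address split over two rows, is only visible once the rows are joined.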
CVE Links
CVE # Description