
SANS ISC: Port 65506 (tcp/udp) Attack Activity


Port Information
Protocol Service Name
tcp phatbot-ssl Phatbot SSL Proxy
tcp ISS Scanner Admin Remote Mngmt ISS Internet Scanner by Site Protector
Port diary mentions
URL
Oracle Application Server Web Cache Vulnerabilities; Port 65506
Port 559 and 65506
User Comments
Submitted By Date
Comment
Dave D 2004-06-21 17:08:06
I downloaded a spam client (Stealth Mail Master 4.2) that brags it has "5000-100000 fresh proxies daily" and ran Nessus at it, found that it connects outbound via a fairly random port but expects to find a connection at port 65,506 on its target hosts. Connects in the clear. More analysis could reveal more.
John Sage 2004-03-19 06:41:16
TCP:65506 has just gone through the roof in the last day (03/18/04) or two. Typical payload is an attempt to connect to TCP:25 somewhere...

input: snort.log.1079626835
filter: ip and ( dst port 65506 )
match: CONNECT
###
T 2004/03/18 08:20:48.194911 207.36.209.104:1184 -> 24.19.147.xxx:65506 [AP]
  43 4f 4e 4e 45 43 54 20 32 31 32 2e 31 35 35 2e    CONNECT 212.155.
  32 30 37 2e 31 3a 32 35 20 48 54 54 50 2f 31 2e    207.1:25 HTTP/1.
  30 0d 0a 0d 0a                                     0....
######
T 2004/03/18 08:21:07.953162 207.36.209.104:2588 -> 24.19.147.xxx:65506 [AP]
  43 4f 4e 4e 45 43 54 20 32 34 2e 31 31 36 2e 31    CONNECT 24.116.1
  31 34 2e 34 3a 32 35 20 48 54 54 50 2f 31 2e 30    14.4:25 HTTP/1.0
  0d 0a 0d 0a                                        ....
#####
T 2004/03/18 08:24:41.878823 207.36.209.104:1534 -> 24.19.147.xxx:65506 [AP]
  43 4f 4e 4e 45 43 54 20 31 39 39 2e 39 36 2e 33    CONNECT 199.96.3
  2e 35 3a 32 35 20 48 54 54 50 2f 31 2e 30 0d 0a    .5:25 HTTP/1.0..
  0d 0a                                              ..
#####
T 2004/03/18 08:24:51.624856 207.36.209.104:2038 -> 24.19.147.xxx:65506 [AP]
  43 4f 4e 4e 45 43 54 20 32 31 36 2e 31 35 37 2e    CONNECT 216.157.
  31 36 2e 31 35 3a 32 35 20 48 54 54 50 2f 31 2e    16.15:25 HTTP/1.
  30 0d 0a 0d 0a                                     0....
####
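A detection sketch for the pattern in the capture quoted above, added here as an example and not part of the original comments or of SANS ISC's tooling: it rebuilds packet payloads from an ngrep-style hex dump and reports HTTP CONNECT requests that ask the listener to tunnel to a mail port. The function names, the sample dump and its documentation-range addresses are constructed for illustration.

```python
import re

# Constructed sample in the same dump layout as the capture above; addresses
# are documentation ranges, not the ones reported in the comment.
SAMPLE = """\
T 2004/03/18 08:20:48.194911 192.0.2.10:1184 -> 198.51.100.7:65506 [AP]
  43 4f 4e 4e 45 43 54 20 32 30 33 2e 30 2e 31 31    CONNECT 203.0.11
  33 2e 35 3a 32 35 20 48 54 54 50 2f 31 2e 30 0d    3.5:25 HTTP/1.0.
  0a 0d 0a                                           ...
#
T 2004/03/18 08:21:07.953162 192.0.2.10:2588 -> 198.51.100.7:65506 [AP]
  47 45 54 20 2f 20 48 54 54 50 2f 31 2e 30 0d 0a    GET / HTTP/1.0..
  0d 0a                                              ..
"""
HEADER = re.compile(r"^[TU] (\S+ \S+) (\S+):(\d+) -> \S+:(\d+)")
CONNECT = re.compile(rb"^CONNECT ([^\s:]+):(\d{1,5}) HTTP/1\.[01]\r\n")
HEXBYTE = re.compile(r"^[0-9a-f]{2}$")
SMTP_PORTS = {25, 465, 587}  # 25 is what the capture shows; 465/587 are an added assumption

def packets(dump):
    """Yield (timestamp, source IP, destination port, payload bytes) per packet."""
    meta, payload = None, bytearray()
    for line in dump.splitlines():
        m = HEADER.match(line)
        if m:
            if meta:
                yield (*meta, bytes(payload))
            meta, payload = (m.group(1), m.group(2), int(m.group(4))), bytearray()
        elif meta and line.startswith(" "):
            # Hex column: at most 16 byte tokens, then the ASCII rendering.
            for tok in line.split()[:16]:
                if not HEXBYTE.match(tok):
                    break
                payload.append(int(tok, 16))
    if meta:
        yield (*meta, bytes(payload))

def smtp_relay_attempts(dump):
    """Report CONNECT requests that ask the listener to tunnel to a mail port."""
    hits = []
    for ts, src, dport, payload in packets(dump):
        m = CONNECT.match(payload)
        if m and int(m.group(2)) in SMTP_PORTS:
            target = f"{m.group(1).decode()}:{int(m.group(2))}"
            hits.append({"time": ts, "src": src, "proxy_port": dport, "target": target})
    return hits

if __name__ == "__main__":
    print(smtp_relay_attempts(SAMPLE))
```

Grouping the returned hits by `src` and counting distinct `target` values separates a single stray request from a host working through a list of mail servers.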