Suspicious Scans...

Reports in the news of suspicious scans potentially related to a product called ServerProtect. The article describes how there has been some recent increased scanning activity related to TCP port 5168, which is related to a remote procedure call service in ServerProtect. Apparently, a number of machines in a wide range of IP addresses have been scanning this port.

One of the interesting quotes is this:

"Trend Micro issued a warning of its own yesterday based on the ISC scanning alert to virtually beg ServerProtect users to patch ASAP. "We implore security administrators to apply the latest ServerProtect security patch avalable from Trend Micro as soon as possible to protect against any potential attack," read the warning."

It will be very interesting to see if a viable attack is levied in the near future on this vulnerability.

Chalmer