Earlier this week, a vulnerability in RealServer was announce. This vulnerability may be exploitable via port 554, 7070, 8080, 9090 and 22010. After the announcement, we did see a notable increase in scans for port 554 and 7070.

At this point, no patch is available. However, Real published configuration options to avoid the vulnerability.

Real Networks Announcement:

http://service.real.com/help/faq/security/rootexploit082203.html

Port 554 Graph:

http://isc.sans.org/port_details.html?port=554

Port 7070 Graph:

http://isc.sans.org/port_details.html?port=7070

Please send any additional information, like packet captures, to isc@sans.org .