|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Subject: Re: Script kiddies and their port scans
From: kurt
pinboard.comDate: Tue Jul 25 2000 - 15:18:44 CDT
- Next message: Darren Reed: "Re: log with dynamic firewall rules"
- Previous message: Stephen Montgomery-Smith: "Re: log with dynamic firewall rules"
- In reply to: Stephen Hocking: "Script kiddies and their port scans"
- Reply: kurtpinboard.com: "Re: Script kiddies and their port scans"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On Mon, Jul 24, 2000 at 06:14:09PM -0500, Stephen Hocking wrote:
> Checking the firewall logs I see various attempts to connect to rather unusual
> ports on my box - does anyone now what the following are?
> 27374
SubSeven v2.1 (windows trojan)
> 1243
SubSeven (windows trojan)
> 98 - This comes up as TACNEWS in /etc/services
linuxconf (linux configuration via web - sometimes on by
default without the admins knowing about it)
> 143 imap2
imap4 (mail server, some versions with known buffer overflows)
info about SubSeven:
http://www.sans.org/newlook/resources/IDFAQ/subseven.htm
useful URL's:
http://www.sans.org/newlook/resources/IDFAQ/oddports.htm
http://www.sans.org/y2k/ports.htm
http://www.simovits.com/nyheter9902.html
(I have some more, but only at the office. However, above
is still better than nothing.)
-- ---------------------------------------------------------------------- : KurtTo Unsubscribe: send mail to majordomo
- Next message: Darren Reed: "Re: log with dynamic firewall rules"
- Previous message: Stephen Montgomery-Smith: "Re: log with dynamic firewall rules"
- In reply to: Stephen Hocking: "Script kiddies and their port scans"
- Reply: kurtpinboard.com: "Re: Script kiddies and their port scans"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]