Subject: Re: Port 1243
From: Fernando Cardoso (fernandoBN.PT)
Date: Fri Mar 17 2000 - 04:21:41 CST


It seems that someone scanned your network looking for a backdoor called
SubSeven, which uses port 1243. Check their website for details:
http://subseven.slak.org/

Fernando

______________________________________________
Fernando Cardoso
Network Administrator
National Library of Portugal

> -----Original Message-----
> From: Omachonu Ogali [mailto:oogaliINTRANOVA.NET]
> Sent: Thursday, 16 March 2000 14:42
> To: INCIDENTSSECURITYFOCUS.COM
> Subject: Port 1243
>
>
> Last night I received a port scan on all my IPs for a foreign dialup
> customer looking for port 1243. I talked to the rest of the network
> engineers and they reported it was a scan of our whole subnet. Anyone
> remember anything off head about this port? (Each xxx.xxx.xxx.xxx
> represents a different IP address).
>
> > Connection attempt to TCP xxx.xxx.xxx.xxx:1243 from 209.94.212.136:3575
> > Connection attempt to TCP xxx.xxx.xxx.xxx:1243 from 209.94.212.136:3576
> > Connection attempt to TCP xxx.xxx.xxx.xxx:1243 from 209.94.212.136:3577
> > Connection attempt to TCP xxx.xxx.xxx.xxx:1243 from 209.94.212.136:3578
> > Connection attempt to TCP xxx.xxx.xxx.xxx:1243 from 209.94.212.136:3579
> > Connection attempt to TCP xxx.xxx.xxx.xxx:1243 from 209.94.212.136:3616
> > Connection attempt to TCP xxx.xxx.xxx.xxx:1243 from 209.94.212.136:3617
> > Connection attempt to TCP xxx.xxx.xxx.xxx:1243 from 209.94.212.136:3620
> > Connection attempt to TCP xxx.xxx.xxx.xxx:1243 from 209.94.212.136:3619
> > Connection attempt to TCP xxx.xxx.xxx.xxx:1243 from 209.94.212.136:3687
> > Connection attempt to TCP xxx.xxx.xxx.xxx:1243 from 209.94.212.136:3688
> > Connection attempt to TCP xxx.xxx.xxx.xxx:1243 from 209.94.212.136:3689
> > Connection attempt to TCP xxx.xxx.xxx.xxx:1243 from 209.94.212.136:3690
> > Connection attempt to TCP xxx.xxx.xxx.xxx:1243 from 209.94.212.136:3691
> > Connection attempt to TCP xxx.xxx.xxx.xxx:1243 from 209.94.212.136:3692
> > Connection attempt to TCP xxx.xxx.xxx.xxx:1243 from 209.94.212.136:3693
> > Connection attempt to TCP xxx.xxx.xxx.xxx:1243 from 209.94.212.136:3695
> > Connection attempt to TCP xxx.xxx.xxx.xxx:1243 from 209.94.212.136:3694
> > Connection attempt to TCP xxx.xxx.xxx.xxx:1243 from 209.94.212.136:3696
> > Connection attempt to TCP xxx.xxx.xxx.xxx:1243 from 209.94.212.136:3697
> > Connection attempt to TCP xxx.xxx.xxx.xxx:1243 from 209.94.212.136:3698
> > Connection attempt to TCP xxx.xxx.xxx.xxx:1243 from 209.94.212.136:3699
> > Connection attempt to TCP xxx.xxx.xxx.xxx:1243 from 209.94.212.136:3700
> > Connection attempt to TCP xxx.xxx.xxx.xxx:1243 from 209.94.212.136:3701
> > Connection attempt to TCP xxx.xxx.xxx.xxx:1243 from 209.94.212.136:3702
> > Connection attempt to TCP xxx.xxx.xxx.xxx:1243 from 209.94.212.136:3703
> > Connection attempt to TCP xxx.xxx.xxx.xxx:1243 from 209.94.212.136:3704
>
> --
> +-------------------------------------------------------------------------+
> | Omachonu Ogali                                      oogaliintranova.net |
> | Intranova Networking Group                 http://tribune.intranova.net |
> | PGP Key ID:                                                  0xBFE60839 |
> | PGP Fingerprint:        C8 51 14 FD 2A 87 53 D1 E3 AA 12 12 01 93 BD 34 |
> +-------------------------------------------------------------------------+
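
One way to confirm from logs in this format that a single source swept one port across many hosts, as described in the thread (added example, not part of either message; the sample addresses, the `min_hosts` threshold and the UDP variant of the line format are assumptions):

```python
import re
from collections import defaultdict

# Line format as in the log excerpt quoted in the message above.
# TCP is what the thread shows; UDP is an assumed variant of the same format.
LINE_RE = re.compile(
    r"Connection attempt to (TCP|UDP) (\d{1,3}(?:\.\d{1,3}){3}):(\d+) "
    r"from (\d{1,3}(?:\.\d{1,3}){3}):(\d+)")

# Port hint table; only the mapping named in the thread is included.
KNOWN_BACKDOOR_PORTS = {1243: "SubSeven"}

def find_horizontal_scans(lines, min_hosts=3):
    """Report each (source, protocol, destination port) that reached at least
    min_hosts distinct destination addresses: one port swept across hosts."""
    targets = defaultdict(set)
    for line in lines:
        m = LINE_RE.search(line)  # search() tolerates "> " quoting and prefixes
        if not m:
            continue              # redacted or unrelated lines are skipped
        proto, dst_ip, dst_port, src_ip, _src_port = m.groups()
        # A set counts each destination once, so retries do not inflate the score.
        targets[(src_ip, proto, int(dst_port))].add(dst_ip)
    return [
        {"source": src, "proto": proto, "port": port, "hosts": len(hosts),
         "hint": KNOWN_BACKDOOR_PORTS.get(port, "unknown")}
        for (src, proto, port), hosts in sorted(targets.items())
        if len(hosts) >= min_hosts
    ]

# Constructed sample: the thread redacts destinations, so documentation
# addresses (192.0.2.0/24, 198.51.100.0/24) stand in for real hosts.
SAMPLE_LOG = """\
> > Connection attempt to TCP 192.0.2.10:1243 from 198.51.100.7:3575
> > Connection attempt to TCP 192.0.2.11:1243 from 198.51.100.7:3576
> > Connection attempt to TCP 192.0.2.12:1243 from 198.51.100.7:3577
> > Connection attempt to TCP 192.0.2.12:1243 from 198.51.100.7:3578
> > Connection attempt to TCP 192.0.2.13:1243 from 198.51.100.7:3579
Connection attempt to TCP 192.0.2.10:80 from 198.51.100.99:40112
Connection attempt to TCP 192.0.2.10:80 from 198.51.100.99:40113
Connection attempt to TCP xxx.xxx.xxx.xxx:1243 from 198.51.100.7:3580
"""

if __name__ == "__main__":
    for f in find_horizontal_scans(SAMPLE_LOG.splitlines()):
        print(f"{f['source']} swept {f['proto']}/{f['port']} across "
              f"{f['hosts']} hosts (hint: {f['hint']})")
```

Redacted lines cannot be counted as distinct hosts, so run this against the unredacted log to get a meaningful host count.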