|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Subject: RE: [snort] [**] SYN FIN Scan [**]
From: Jerry Shenk (jas
dect.com)Date: Thu Mar 09 2000 - 07:32:17 CST
- Next message: Jerry Shenk: "RE: [snort] [**] SYN FIN Scan [**]"
- Previous message: Jesse Nelson: "Re: [snort] [**] SYN FIN Scan [**]"
- Maybe in reply to: Ed Padin: "[snort] [**] SYN FIN Scan [**]"
- Next in thread: Jesse Nelson: "Re: [snort] [**] SYN FIN Scan [**]"
- Next in thread: Jerry Shenk: "RE: [snort] [**] SYN FIN Scan [**]"
- Maybe reply: Jerry Shenk: "RE: [snort] [**] SYN FIN Scan [**]"
- Reply: Jesse Nelson: "Re: [snort] [**] SYN FIN Scan [**]"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
It's in inetd.conf....I think. That would be enough to enable it when a
connection is attempted.
===== Original Message from Jesse Nelson <snortbofh.kyrnet.kg> at 3/10/00
5:50 am
>Jerry Shenk wrote:
>
>> linux comes with pop2 enabled....so even if you never use it, if there is an
>> exploit for it and you have it turned on, somebody else can help themselves
>> to it.
>>
>
>Pop2 has never been enabled on my Linux (RedHat/Mandrake/VALinux) at least not
>since 5.0 (when I switched to Rhat)
>what distro comes with pop2 enabled ?.
>
>>
>> ===== Original Message from "Mullen, Patrick" <snortbofh.kyrnet.kg> at
>> 3/08/00 2:33 pm
>> >> I have been getting a whole lot of these scans on pop2
>> >> aswell, anyone know is there a new exploit out?
>> >
>> >Does anyone even use POP2? Granted, I went from
>> >BBSs to Prodigy email back before the Web really
>> >existed and before Prodigy had Net access to Vax
>> >mail right to POP3, but I've never even heard of POP2
>> >in existance except as a useless line in /etc/services.
>> >
>> >(BTW, I've been getting probes to 109 on my home
>> >machine as well...)
>> >
>> >The last BugTraq post regarding pop-2 was 26 May 1999.
>> >
>> >http://www.securityfocus.com/templates/archive.pike?list=1&date=1999-05-22&m
>> >sg=Pine.LNX.3.96.990526202259.4439A-100000ferret.lmh.ox.ac.uk
>> >
>> >Get a remote shell as user 'nobody.' Not detrimental
>> >to your machine, but great for bouncing attacks and
>> >obfuscating the attack route or passing the blame.
>> >
>> >Totally unrelated topic, but does anyone know of an
>> >sPOP client? I run SSLWrap for my IMAP server, but
>> >I don't see a way to get Netscape to use it. Am I
>> >just blind (highly likely)?
>> >
>> >
>> >Thanks,
>> >
>> >~Patrick
>>
>> Jerry A. Shenk, MCNE
>> Sr. Systems Engineer - Computer Networking Services
>> D&E Communications, Inc.
>> jshenkdecommunications.com
>> 1-877-433-8632 Fax via efax: (603) 250-1453
>> my website: www.dect.com/jas
>
>--
>Jesse Nelson
>X U M A
>
>-----BEGIN PGP SIGNATURE-----
>Version: PGP 6.5.1
>
>iQA/AwUBN91vnNhXPjK633e5EQJLGgCgmF4I0ZETgvMYulA1JzKaYkRl5SEAnjKI
>u0Jei6OSSWvZTIryJKbXZKyi
>=S62K
>-----END PGP SIGNATURE-----
Jerry A. Shenk, MCNE
Sr. Systems Engineer - Computer Networking Services
D&E Communications, Inc.
jshenkdecommunications.com
1-877-433-8632 Fax via efax: (603) 250-1453
my website: www.dect.com/jas
- Next message: Jerry Shenk: "RE: [snort] [**] SYN FIN Scan [**]"
- Previous message: Jesse Nelson: "Re: [snort] [**] SYN FIN Scan [**]"
- Maybe in reply to: Ed Padin: "[snort] [**] SYN FIN Scan [**]"
- Next in thread: Jesse Nelson: "Re: [snort] [**] SYN FIN Scan [**]"
- Next in thread: Jerry Shenk: "RE: [snort] [**] SYN FIN Scan [**]"
- Maybe reply: Jerry Shenk: "RE: [snort] [**] SYN FIN Scan [**]"
- Reply: Jesse Nelson: "Re: [snort] [**] SYN FIN Scan [**]"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]