|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Subject: Re: [snort] [**] SYN FIN Scan [**]
From: Jesse Nelson (yoda
xuma.com)Date: Fri Mar 10 2000 - 22:44:56 CST
- Next message: linux.snortcube13.net: "[snort] snort remote syslogd"
- Previous message: Jesse Nelson: "Re: [snort] [anno] Snort Statistic Tools Page"
- In reply to: Jerry Shenk: "RE: [snort] [**] SYN FIN Scan [**]"
- Next in thread: Jerry Shenk: "RE: [snort] [**] SYN FIN Scan [**]"
- Reply: Jesse Nelson: "Re: [snort] [**] SYN FIN Scan [**]"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Yes it is Commented out in /etc/inetd.conf
(also no as not enabled)
Jerry Shenk wrote:
>
> It's in inetd.conf....I think. That would be enough to enable it when a
> connection is attempted.
>
> ===== Original Message from Jesse Nelson <snortbofh.kyrnet.kg> at 3/10/00
> 5:50 am
> >Jerry Shenk wrote:
> >
> >> linux comes with pop2 enabled....so even if you never use it, if there is an
> >> exploit for it and you have it turned on, somebody else can help themselves
> >> to it.
> >>
> >
> >Pop2 has never been enabled on my Linux (RedHat/Mandrake/VALinux) at least not
> >since 5.0 (when I switched to Rhat)
> >what distro comes with pop2 enabled ?.
> >
> >>
> >> ===== Original Message from "Mullen, Patrick" <snortbofh.kyrnet.kg> at
> >> 3/08/00 2:33 pm
> >> >> I have been getting a whole lot of these scans on pop2
> >> >> aswell, anyone know is there a new exploit out?
> >> >
> >> >Does anyone even use POP2? Granted, I went from
> >> >BBSs to Prodigy email back before the Web really
> >> >existed and before Prodigy had Net access to Vax
> >> >mail right to POP3, but I've never even heard of POP2
> >> >in existance except as a useless line in /etc/services.
> >> >
> >> >(BTW, I've been getting probes to 109 on my home
> >> >machine as well...)
> >> >
> >> >The last BugTraq post regarding pop-2 was 26 May 1999.
> >> >
> >> >http://www.securityfocus.com/templates/archive.pike?list=1&date=1999-05-22&m
> >> >sg=Pine.LNX.3.96.990526202259.4439A-100000ferret.lmh.ox.ac.uk
> >> >
> >> >Get a remote shell as user 'nobody.' Not detrimental
> >> >to your machine, but great for bouncing attacks and
> >> >obfuscating the attack route or passing the blame.
> >> >
> >> >Totally unrelated topic, but does anyone know of an
> >> >sPOP client? I run SSLWrap for my IMAP server, but
> >> >I don't see a way to get Netscape to use it. Am I
> >> >just blind (highly likely)?
> >> >
> >> >
> >> >Thanks,
> >> >
> >> >~Patrick
> >>
> >> Jerry A. Shenk, MCNE
> >> Sr. Systems Engineer - Computer Networking Services
> >> D&E Communications, Inc.
> >> jshenkdecommunications.com
> >> 1-877-433-8632 Fax via efax: (603) 250-1453
> >> my website: www.dect.com/jas
> >
> >--
> >Jesse Nelson
> >X U M A
> >
> >-----BEGIN PGP SIGNATURE-----
> >Version: PGP 6.5.1
> >
> >iQA/AwUBN91vnNhXPjK633e5EQJLGgCgmF4I0ZETgvMYulA1JzKaYkRl5SEAnjKI
> >u0Jei6OSSWvZTIryJKbXZKyi
> >=S62K
> >-----END PGP SIGNATURE-----
>
> Jerry A. Shenk, MCNE
> Sr. Systems Engineer - Computer Networking Services
> D&E Communications, Inc.
> jshenkdecommunications.com
> 1-877-433-8632 Fax via efax: (603) 250-1453
> my website: www.dect.com/jas
-- Jesse Nelson X U M A <Build-to-order e-business>-----BEGIN PGP SIGNATURE----- Version: PGP 6.5.1
iQA/AwUBN91vnNhXPjK633e5EQJLGgCgmF4I0ZETgvMYulA1JzKaYkRl5SEAnjKI u0Jei6OSSWvZTIryJKbXZKyi =S62K -----END PGP SIGNATURE-----
- Next message: linux.snortcube13.net: "[snort] snort remote syslogd"
- Previous message: Jesse Nelson: "Re: [snort] [anno] Snort Statistic Tools Page"
- In reply to: Jerry Shenk: "RE: [snort] [**] SYN FIN Scan [**]"
- Next in thread: Jerry Shenk: "RE: [snort] [**] SYN FIN Scan [**]"
- Reply: Jesse Nelson: "Re: [snort] [**] SYN FIN Scan [**]"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]