Date: Thu, 31 May 2001 12:15:20 -0000
From: "WebSec WebSec" <secure21st@hotmail.com>
To: security@FreeBSD.ORG
Subject: Port 21
Message-ID: <F45opYC98Bi89QtpfTY000063a4@hotmail.com>
<html><DIV> <DIV>
<P>This past weekend my IDS and honey pot picked up stealth scans on port 21 to port 21.</P>
<P>I used a number of tools to "trace" IPs of scanners and they all pointed towards an Asian organization. (Understanding limitations of TCP, I do not think anyone will state that this means anything :( )</P>
<P>One of the honeypots was on a DSL assigned sub-net. It makes me think that whoever scanned me was after residential computers. (this is no different from others except for IDS installed :) )</P>
<P>In my case all scans were "stealth".</P>
<P>Also, in my opinion it may not be a good idea to provide real IPs (at least in this list) because you never know how you can tip someone. Yes, this is "security" by obscurity, but....</P>
<P>Hope this helps.</P>
<P>----------------------------------------------------------------------</P>
<P>My opinion is that the unknown scanner was hoping to meet one of those admins who still use the remote port of a TCP/UDP packet as a filter in their firewall rules (like this: "ipfw allow tcp from any 21").</P>
<DIR>
<P>NKritsky - SysAdmin InternetHelp.Ru</P>
<P>http://www.internethelp.ru</P>
<P>e-mail: nkritsky@internethelp.ru</P>
<P>-----Original Message-----</P>
<P>From: Lim Seng Chor &lt;Lim.Seng.Chor@sit.edu.my&gt;</P>
<P>To: freebsd-security@FreeBSD.ORG &lt;freebsd-security@FreeBSD.ORG&gt;</P>
<P>Date: 31 May 2001, 13:01</P>
<P>Subject: port 21</P>
<P>My kernel message is showing:</P>
<P>Connection attempt to TCP 202.184.64.29:21 from 213.137.2.195:21</P>
<P>Anyone can explain why 213.137.2.195 can use port 21 to connect to my ftp port but not random port above 1024?</P>
<P>To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message</P>
</DIR>
</DIV></DIV></html>
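The kernel message quoted in the thread can be checked mechanically for the pattern discussed: connection attempts whose source port is a low, well-known port rather than an ephemeral one. The following is an added example, not part of any message in the thread; the syslog prefix, the documentation-range addresses, the 1024 threshold and all function names are assumptions.

```python
import re
from collections import defaultdict
from typing import NamedTuple

# Constructed sample lines using the message format quoted in the thread.
# Addresses are documentation ranges; the syslog prefix is an assumption.
SAMPLE_LOG = """\
May 31 13:01:02 host /kernel: Connection attempt to TCP 192.0.2.10:21 from 198.51.100.7:21
May 31 13:01:05 host /kernel: Connection attempt to TCP 192.0.2.10:21 from 203.0.113.44:49152
May 31 13:02:40 host /kernel: Connection attempt to TCP 192.0.2.11:21 from 198.51.100.7:21
May 31 13:03:00 host /kernel: some unrelated message
"""

class Attempt(NamedTuple):
    proto: str
    dst_ip: str
    dst_port: int
    src_ip: str
    src_port: int

# Matches only the "Connection attempt to ..." part, so any prefix is tolerated.
LINE_RE = re.compile(
    r"Connection attempt to (TCP|UDP) "
    r"(\d{1,3}(?:\.\d{1,3}){3}):(\d{1,5}) from "
    r"(\d{1,3}(?:\.\d{1,3}){3}):(\d{1,5})"
)

def parse_attempts(text):
    """Extract every logged attempt; lines that do not match are skipped."""
    return [Attempt(m[1], m[2], int(m[3]), m[4], int(m[5]))
            for m in map(LINE_RE.search, text.splitlines()) if m]

def low_source_port(attempts, threshold=1024):
    """Keep attempts sent from a port below the threshold. Ordinary clients
    pick ephemeral source ports, so a low one suggests a crafted packet."""
    return [a for a in attempts if a.src_port < threshold]

def by_source(attempts):
    """Map each source IP to the sorted (dst_ip, dst_port) pairs it probed."""
    hits = defaultdict(set)
    for a in attempts:
        hits[a.src_ip].add((a.dst_ip, a.dst_port))
    return {ip: sorted(targets) for ip, targets in hits.items()}

if __name__ == "__main__":
    for ip, targets in by_source(low_source_port(parse_attempts(SAMPLE_LOG))).items():
        print(ip, "->", targets)
```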