Date: Tue, 25 Jul 2000 22:18:44 +0200 From: kurt@pinboard.com To: Stephen Hocking <shocking@houston.rr.com> Cc: security@FreeBSD.ORG Subject: Re: Script kiddies and their port scans Message-ID: <20000725221843.A328@pinboard.com> In-Reply-To: <200007242314.SAA01912@bloop.craftncomp.com>; from shocking@houston.rr.com on Mon, Jul 24, 2000 at 06:14:09PM -0500 References: <200007242314.SAA01912@bloop.craftncomp.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, Jul 24, 2000 at 06:14:09PM -0500, Stephen Hocking wrote:
> Checking the firewall logs I see various attempts to connect to rather unusual
> ports on my box - does anyone now what the following are?
> 27374
SubSeven v2.1 (windows trojan)
> 1243
SubSeven (windows trojan)
> 98 - This comes up as TACNEWS in /etc/services
linuxconf (linux configuration via web - sometimes on by
default without the admins knowing about it)
> 143 imap2
imap4 (mail server, some versions with known buffer overflows)
info about SubSeven:
http://www.sans.org/newlook/resources/IDFAQ/subseven.htm
useful URL's:
http://www.sans.org/newlook/resources/IDFAQ/oddports.htm
http://www.sans.org/y2k/ports.htm
http://www.simovits.com/nyheter9902.html
(I have some more, but only at the office. However, above
is still better than nothing.)
--
----------------------------------------------------------------------
: Kurt@pinboard.com http://www.pinboard.com/ business :
: http://kurt.www.pinboard.com/ private :
----------------------------------------------------------------------
: Unix and Internet Specialist :
----------------------------------------------------------------------
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20000725221843.A328>