From owner-freebsd-security Mon Nov 8 3:43:45 1999 Delivered-To: freebsd-security@freebsd.org Received: from gaia.nimnet.asn.au (nimbin.lnk.telstra.net [139.130.45.143]) by hub.freebsd.org (Postfix) with ESMTP id 1EE7F14BCD for ; Mon, 8 Nov 1999 03:43:30 -0800 (PST) (envelope-from smithi@nimnet.asn.au) Received: from localhost (smithi@localhost) by gaia.nimnet.asn.au (8.8.8/8.8.8R1.0) with SMTP id WAA03377 for ; Mon, 8 Nov 1999 22:43:48 +1100 (EST) (envelope-from smithi@nimnet.asn.au) Date: Mon, 8 Nov 1999 22:43:48 +1100 (EST) From: Ian Smith To: security@freebsd.org Subject: Port 1243 scans Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Hi folks, The last two days we've had several attempted scans of tcp port 1243 from two systems in our locality, presumably over our /26 subnet. This seems to be their only port of interest; I only noticed it due to their having scanned unallocated addresses to which ipfw logs access attempts. What are they looking for? Is this one of these Netbus/BO things? We do have Windoze boxes on the LAN, as some with local knowledge would know; I guess I'll have to bolt down ports that wouldn't worry freebsd boxes. To save asking more silly questions, is there a list of ports used by various nasties somewhere out there (not in /etc/services, obviously). If it matters, this is a 2.2.6-RELEASE box with known security fixes, soon to be upgraded to 3.3, once the airmail arrives. Cheers, Ian To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message