Date: Mon, 08 Nov 1999 19:39:42 +0000 From: Richard Yeardley <NOSPAMrichy@hunter13.com> To: security@FreeBSD.ORG Subject: Re: Port 1243 scans Message-ID: <8yYnOPqvBeTUvzVjGPbHBD=XU=FC@4ax.com> In-Reply-To: <Pine.BSF.3.96.991108222201.2364B-100000@gaia.nimnet.asn.au> References: <Pine.BSF.3.96.991108222201.2364B-100000@gaia.nimnet.asn.au>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, 8 Nov 1999 22:43:48 +1100 (EST), Ian Smith <smithi@nimnet.asn.au> wrote: >Hi folks, > >The last two days we've had several attempted scans of tcp port 1243 >from two systems in our locality, presumably over our /26 subnet. This >seems to be their only port of interest; I only noticed it due to their >having scanned unallocated addresses to which ipfw logs access attempts. > >What are they looking for? Is this one of these Netbus/BO things? We do >have Windoze boxes on the LAN, as some with local knowledge would know; >I guess I'll have to bolt down ports that wouldn't worry freebsd boxes. > >To save asking more silly questions, is there a list of ports used by >various nasties somewhere out there (not in /etc/services, obviously). > >If it matters, this is a 2.2.6-RELEASE box with known security fixes, >soon to be upgraded to 3.3, once the airmail arrives. > >Cheers, Ian I had a similar thing the other day - this time from two hosts at btinternet.com here in the uk. Perhaps it's a known port on one of the new chat apps - eg AOL Instant Messager? Rich. --=20 =46BSD3.3R : IBM PR233 : 64MB RAM : 4.3GB HD : V90 modem : NE2000 PCI Apache 1.3.9+PHP 3.12 : named : socks5 v1.0r10 : ipfw : mysql 3.22 fetchmail 5.1.2 : qpopper 2.53 : procmail 3.13.1 : ircd 2.10.1 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?8yYnOPqvBeTUvzVjGPbHBD=XU=FC>