Date: Tue, 25 Jul 2000 22:18:44 +0200
From: kurt@pinboard.com
To: Stephen Hocking <shocking@houston.rr.com>
Cc: security@FreeBSD.ORG
Subject: Re: Script kiddies and their port scans
Message-ID: <20000725221843.A328@pinboard.com>
In-Reply-To: <200007242314.SAA01912@bloop.craftncomp.com>; from shocking@houston.rr.com on Mon, Jul 24, 2000 at 06:14:09PM -0500
References: <200007242314.SAA01912@bloop.craftncomp.com>

On Mon, Jul 24, 2000 at 06:14:09PM -0500, Stephen Hocking wrote:
> Checking the firewall logs I see various attempts to connect to rather unusual
> ports on my box - does anyone know what the following are?
>
> 27374

SubSeven v2.1 (windows trojan)

> 1243

SubSeven (windows trojan)

> 98 - This comes up as TACNEWS in /etc/services

linuxconf (linux configuration via web - sometimes on by default without
the admins knowing about it)

> 143

imap2 imap4 (mail server, some versions with known buffer overflows)

info about SubSeven:
http://www.sans.org/newlook/resources/IDFAQ/subseven.htm

useful URLs:
http://www.sans.org/newlook/resources/IDFAQ/oddports.htm
http://www.sans.org/y2k/ports.htm
http://www.simovits.com/nyheter9902.html

(I have some more, but only at the office. However, above is still better
than nothing.)

--
----------------------------------------------------------------------
: Kurt@pinboard.com   http://www.pinboard.com/        business       :
:                     http://kurt.www.pinboard.com/   private        :
----------------------------------------------------------------------
: Unix and Internet Specialist                                       :
----------------------------------------------------------------------

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20000725221843.A328>