From owner-freebsd-security Mon Nov 8 11:38:44 1999
Delivered-To: freebsd-security@freebsd.org
Received: from oracle.clara.net (oracle.clara.net [195.8.69.94])
    by hub.freebsd.org (Postfix) with ESMTP id A4AC515277
    for ; Mon, 8 Nov 1999 11:38:32 -0800 (PST)
    (envelope-from NOSPAMrichy@hunter13.com)
Received: from [195.8.86.207] (helo=unix.hunter13.lan ident=root)
    by oracle.clara.net with esmtp (Exim 2.12 #2) id 11kucY-000Ldm-00
    for security@FreeBSD.ORG; Mon, 8 Nov 1999 19:38:31 +0000
Received: from rich.hunter13.lan (richy@rich.hunter13.lan [192.168.0.1])
    by unix.hunter13.lan (8.9.3/8.9.3) with SMTP id TAA19533
    for ; Mon, 8 Nov 1999 19:38:29 GMT
    (envelope-from NOSPAMrichy@hunter13.com)
From: Richard Yeardley
To: security@FreeBSD.ORG
Subject: Re: Port 1243 scans
Date: Mon, 08 Nov 1999 19:39:42 +0000
Organization: Hunter 13
Message-ID: <8yYnOPqvBeTUvzVjGPbHBD=XU=FC@4ax.com>
References:
In-Reply-To:
X-Mailer: Forte Agent 1.6/32.525
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: quoted-printable
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Mon, 8 Nov 1999 22:43:48 +1100 (EST), Ian Smith wrote:

>Hi folks,
>
>The last two days we've had several attempted scans of tcp port 1243
>from two systems in our locality, presumably over our /26 subnet. This
>seems to be their only port of interest; I only noticed it due to their
>having scanned unallocated addresses to which ipfw logs access attempts.
>
>What are they looking for? Is this one of these Netbus/BO things? We do
>have Windoze boxes on the LAN, as some with local knowledge would know;
>I guess I'll have to bolt down ports that wouldn't worry freebsd boxes.
>
>To save asking more silly questions, is there a list of ports used by
>various nasties somewhere out there (not in /etc/services, obviously).
>
>If it matters, this is a 2.2.6-RELEASE box with known security fixes,
>soon to be upgraded to 3.3, once the airmail arrives.
>
>Cheers, Ian

I had a similar thing the other day - this time from two hosts at
btinternet.com here in the UK. Perhaps it's a known port on one of the
new chat apps - e.g. AOL Instant Messenger?

Rich.
--
FBSD3.3R : IBM PR233 : 64MB RAM : 4.3GB HD : V90 modem : NE2000 PCI
Apache 1.3.9+PHP 3.12 : named : socks5 v1.0r10 : ipfw : mysql 3.22
fetchmail 5.1.2 : qpopper 2.53 : procmail 3.13.1 : ircd 2.10.1

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message