Date: Tue, 9 Nov 1999 06:45:55 +1100 (EST) From: Ian Smith <smithi@nimnet.asn.au> To: David G Andersen <danderse@cs.utah.edu> Cc: ewayte@pegasus.cc.ucf.edu, security@FreeBSD.ORG Subject: Re: Port 1243 scans Message-ID: <Pine.BSF.3.96.991109062729.13408C-100000@gaia.nimnet.asn.au> In-Reply-To: <199911081818.LAA09387@faith.cs.utah.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, 8 Nov 1999, David G Andersen wrote: > Right. What you want instead is: > > Well-known port numbers for trojan horse programs: > > http://www.sans.org/newlook/resources/IDFAQ/oddports.htm > > Unfortunately, 1243 doesn't appear to be used by anything in this list, > either. Which is still useful information in and of itself. :) It's > probably someone's customized thing, or an obscure program. Had a look at that, thankyou David. Also had some email pointing to: http://www.robertgraham.com/pubs/firewall-seen.html which seems to contain a wealth of material on various port attacks: 1243 Sub-7 Trojan Horse (TCP). This is a commonly seen scan looking for systems compromised by this trojan. Sub-Seven scans are becoming very frequent, primarily due to an easy-to-use scanner built-in to the client. Thanks to all who helped. Now to find out who, how, and whether .. Cheers, Ian To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.96.991109062729.13408C-100000>