Bugtraq mailing list archives
Ports 1800, 1945
From: jfesler () GIGO COM (Jason Fesler)
Date: Fri, 16 Apr 1999 00:34:47 -0700
I'm seeing more and more probes for ports 1800 and 1945, with many such probes being sourced from well known commonly open port numbesr (ie, 23, 6667). These probes are now easily outnumbering even the imap probes. Today alone I've seen a large number of probes from at least 4 unique IP addresses. Anyone have any leads on what they are looking for? I could not find anything in bugtraq, rootshell, etc. (IP addresses changed to protect the identities of the recipient) Subject: fw1 (Gauntlet 4.0) frequent check output Security Alerts --------------- Dec 20 17:35:44 fw1.________.com unix: securityalert: no match found in forward screen: TCP if=le0 srcaddr=__.(uunet dialup).__ srcport=6667 dstaddr=__.__.__.__ dstport=1945 Dec 20 17:40:04 fw1.________.com unix: securityalert: no match found in forward screen: TCP if=le0 srcaddr=__.(uunet dialup).__ srcport=6667 dstaddr=__.__.__.__ dstport=1800 Jason Fesler <jfesler () gigo com> |".. and ten thousand noblemen squatted and Good, Fast, Cheap - | strained, for the King's word, was law." Pick any two. | - SCA Folklore
Current thread:
- Ports 1800, 1945 Jason Fesler (Apr 16)