Firewall Wizards mailing list archives
Re: UDP Port 137 - Now TCP 143
From: Cristiano Lincoln Mattos <lincoln () hotlink com br>
Date: Sun, 7 Feb 1999 01:47:34 -0200 (EDT)
Hi, TCP port 143 is the IMAP port. There was a vulnerabilty which when exploited would allow remote root access, in the University of Washington IMAP server (the most popular one), a few months ago. Exploit scripts were widely spread around the kiddie community, and tool's to scan for site's with it too. You're probably being hit by one of those scans. Cristiano Lincoln Mattos Recife / Brazil On Fri, 5 Feb 1999, Burgess, John (EDS) wrote:
Thanks to all who responded regarding UDP port 137. I learned some interesting facts. I got a new one this morning. Does anyone know why would someone/something be hitting TCP port 143? This was at 2:30 AM from bay-030-b5.codetel.net.do (206.105.238.30 - Dominican Republic - a router?) Protocol=TCP Port 2734->143? JB
Current thread:
- UDP Port 137 - Now TCP 143 Burgess, John (EDS) (Feb 06)
- Re: UDP Port 137 - Now TCP 143 Lorens Kockum (Feb 08)
- Re: UDP Port 137 - Now TCP 143 John Ladwig (Feb 09)
- Re: UDP Port 137 - Now TCP 143 Cristiano Lincoln Mattos (Feb 08)
- Re: UDP Port 137 - Now TCP 143 Randy Witlicki (Feb 08)
- Re: UDP Port 137 - Now TCP 143 Daniel J. Gregor Jr. (Feb 08)
- Re: UDP Port 137 - Now TCP 143 Michael T. Shinn (Feb 09)
- <Possible follow-ups>
- Re: UDP Port 137 - Now TCP 143 Bill_Royds (Feb 08)
- Re: UDP Port 137 - Now TCP 143 David Gillett (Feb 10)
- RE: UDP Port 137 - Now TCP 143 David Bovee (Feb 11)
- Re: UDP Port 137 - Now TCP 143 David Gillett (Feb 10)
- Re: UDP Port 137 - Now TCP 143 Lorens Kockum (Feb 08)