Security Incidents mailing list archives

Re: lots of interest in port 109 (POP2)

From: paulrice () XSITE NET (Paul Rice)
Date: Mon, 13 Mar 2000 20:53:08 -0000


I am not sure why there have been so many scans of Pop2, 
but one of the sites that scanned us was compromised and 
used as a launching point for several Pop2 scans.  This has 
been reported to cert.  Strange.

Thanks,

Paul R.

Current thread:

Re: Linux-box hacked, ls, ps, login modified, (continued)
- - - Re: Linux-box hacked, ls, ps, login modified Granquist, Lamont (Mar 24)
    - 'fatal:' sshd log message Przemyslaw Frasunek (Mar 25)
    - sgi-dgl scanning Michael Stone (Mar 27)
    - unusual mail file Donald McLachlan (Mar 28)
    - Re: unusual mail file Ryan Hilton (Mar 28)
    - Front Page Extensions vventura () SIA PT (Mar 28)
    - Re: sgi-dgl scanning E. Larry Lidz (Mar 28)
    - Syn attacks ? Klavs Klavsen (Mar 28)
    - Re: lots of interest in port 109 (POP2) markus tromday (Mar 22)
- Re: lots of interest in port 109 (POP2) Donald McLachlan (Mar 07)
  - Re: lots of interest in port 109 (POP2) Paul Rice (Mar 13)
  - Munged Napster Sessions Stephen P. Berry (Mar 13)
    - Looking for Squid Proxies Cy Schubert - ITSD Open Systems Group (Mar 16)
    - Re: Munged Napster Sessions Vanja Hrustic (Mar 16)
    - Port 6112 Stuart Staniford-Chen (Mar 17)
    - Re: Port 6112 Robert Graham (Mar 20)
    - Re: Port 6112 Stuart Staniford-Chen (Mar 20)
    - nbname scans Rick Tortorella (Mar 20)
    - Port 27960 Stuart Staniford-Chen (Mar 17)
    - Re: Port 27960 steve balla (Mar 20)
    - Re: Port 27960 Odd Arne Beck (Mar 20)

(Thread continues...)