Security Incidents mailing list archives
Re: [incidents] Re: Re : Large scale scan of port 2401
From: David Bronder <david-bronder () uiowa edu>
Date: Fri, 24 Aug 2001 15:37:25 -0500 (CDT)
Actually, AIX does use port 2401 for an AIX-specific service, writesrv. Yes, it is in conflict with the assigned number for cvspserver. They're not the first vendor to do that, and they won't be the last. It does require disabling the writesrv service before running a CVS pserver on AIX. (Not that awkward, and not that hard to identify as the reason your pserver won't start. But still an extra step.) I agree it probably does make more sense for it to be a search for CVS servers than for AIX systems, though. =Dave Sevo Stille wrote:
axess wrote:2401/tcp cvspserver This port is used by AIXI'd be surprised if it were - it would make anon-cvs rather awkward to run on AIX, and that probably would have made it into public knowledge. This is the default port for CVS servers, anon included. And the number of the latter alone will probably outnumber the count of open AIX systems on the net by a magnitude or more... I'd expect 2401 scans to look for CVS rather than AIX. Have any new CVS exploits cropped up? Of course, people might just be looking for open accounts or public access to private archives...
-- Hello World. David Bronder - Systems Admin Segmentation Fault ITS-SPA, Univ. of Iowa Core dumped, disk trashed, quota filled, soda warm. david-bronder () uiowa edu ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- Re : Large scale scan of port 2401 axess (Aug 23)
- Re: Re : Large scale scan of port 2401 John Marquart (Aug 23)
- Re: Re : Large scale scan of port 2401 axess (Aug 23)
- Re: Re : Large scale scan of port 2401 Sevo Stille (Aug 24)
- Re: [incidents] Re: Re : Large scale scan of port 2401 David Bronder (Aug 27)
- Re: Re : Large scale scan of port 2401 axess (Aug 27)
- Re: Re : Large scale scan of port 2401 John Marquart (Aug 23)