Security Basics mailing list archives
Re: Slow scan on high-ports?
From: khayes () eastbay com
Date: Tue, 29 Oct 2002 12:03:05 -0800
Often the folks in the Warez scene will hack into a machine and install a hidden FTP server set to run on these higher port numbers. The idea being that they are safe because so few applications/services actually use these ports the network/systems admins won't think to look there. Ken Hayes Network Administrator Eastbay / Footlocker.com Wausau, WI Offices (715) 261-9573 khayes () eastbay com To: security-basics () securityfocus com cc: Rolf Jürrens Subject: Slow scan on high-ports? <security@rolf-juerrens. de> Sent by: <rjuerrens () web de> 10/29/2002 12:39 AM Hi everyone, in our firewall-logs I see a slow scan over our whole network from one IP address on tcp ports >65300. The scan lasts now about 24 hours with only 50 packets. What is the purpose of such a scan? Since all ports are normally closed in these ranges, no one can expect to gather information about a network - am I right? Or are there any interesting ports in this range? By the way: the IP address appears in the dshield.org database as an attacker address. Greetings Rolf ______________________________________________________________________________ Die drei G des Glücks: Gemeinsam garantiert gewinnen! Jetzt mittippen! https://spielgemeinschaften.web.de/?mc=021101 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The information in this e-mail, and any attachment therein, is confidential and for use by the addressee only. If you are not the intended recipient, please return the e-mail to the sender and delete it from your computer. Although the Company attempts to sweep e-mail and attachments for viruses, it does not guarantee that either are virus-free and accepts no liability for any damage sustained as a result of viruses.
Current thread:
- Slow scan on high-ports? Rolf Jürrens (Oct 29)
- Re: Slow scan on high-ports? phani (Oct 30)
- <Possible follow-ups>
- Re: Slow scan on high-ports? khayes (Oct 29)
- RE: Slow scan on high-ports? Wolf, Glenn (Oct 29)