Firewall Wizards mailing list archives
Re: UDP Port 137 - Now TCP 143
From: Randy Witlicki <randy.witlicki () valley net>
Date: Sun, 7 Feb 1999 08:53:27 -0500
Thanks to all who responded regarding UDP port 137. I learned some interesting facts. I got a new one this morning. Does anyone know why would someone/something be hitting TCP port 143? This was at 2:30 AM from bay-030-b5.codetel.net.do (206.105.238.30 - Dominican Republic - a router?) Protocol=TCP Port 2734->143? JB
Port 137 is "normal" gibberish emitted from a Windows PC. A connect to 143 is a probe which you should consider as hostile activity. % grep 143 rfc1700.txt | head -1 imap2 143/tcp Interim Mail Access Protocol v2 (I usually use www.iana.org as a better source for numbers, but I don't a have a web rorwser open at the moment) There was a CERT advisory a while back about IMAP vulnerabilities: ftp://info.cert.org/pub/cert_advisories/CA-97.09.imap_pop You might also look at www.rootshell.com if you are looking for some actual exploit code. - Randy -
Current thread:
- UDP Port 137 - Now TCP 143 Burgess, John (EDS) (Feb 06)
- Re: UDP Port 137 - Now TCP 143 Lorens Kockum (Feb 08)
- Re: UDP Port 137 - Now TCP 143 John Ladwig (Feb 09)
- Re: UDP Port 137 - Now TCP 143 Cristiano Lincoln Mattos (Feb 08)
- Re: UDP Port 137 - Now TCP 143 Randy Witlicki (Feb 08)
- Re: UDP Port 137 - Now TCP 143 Daniel J. Gregor Jr. (Feb 08)
- Re: UDP Port 137 - Now TCP 143 Michael T. Shinn (Feb 09)
- <Possible follow-ups>
- Re: UDP Port 137 - Now TCP 143 Bill_Royds (Feb 08)
- Re: UDP Port 137 - Now TCP 143 David Gillett (Feb 10)
- RE: UDP Port 137 - Now TCP 143 David Bovee (Feb 11)
- Re: UDP Port 137 - Now TCP 143 David Gillett (Feb 10)
- Re: UDP Port 137 - Now TCP 143 Lorens Kockum (Feb 08)