Firewall Wizards mailing list archives
Re: UDP Port 137 - Now TCP 143
From: John Ladwig <jladwig () nts umn edu>
Date: Mon, 8 Feb 1999 19:15:58 -0600 (CST)
On firewall-wizards jburgess () railtex com wrote:[...] Does anyone know why would someone/something be hitting TCP port 143?That's IMAP (v2 and I believe v1 as well). I suppose that if it wasn't filtered out, someone might get somebody else's mail that way, though the appropriate password should be needed. I suppose it *could* be a laptop normally on your network on holiday in .do, but if that is not the case (maybe you don't even use IMAP?) then yes, someone is probably trying to sound out your weaknesses... Do run-of-the-mill crackers try to read mail before having managed to crack the system?
Not in my experience. They do, however, flock to remote-user-gains-root vulnerabilies with widely circulated script-kiddie-capable t00lz/sploitz like red squirrels to sugaring bags. The standard probe 'round these parts is: - TELNET (Irix no-password accounts like lp and guest) - POP3 (stack-smashable qpopper variants) - HTTP (various shell-meta-character exploitable CGI scripts) - IMAP (remote buffer overrun) - DNS (remote BIND iquery sploit) and frequently 635/tcp (Linux overrunable rpc.mountd). Check the AUSCERT/CERT archives for mscan or sscan, as well as any vendors/apps listed above. -jml *'tis nearly the season, even here. Damn their oily hides*
Current thread:
- UDP Port 137 - Now TCP 143 Burgess, John (EDS) (Feb 06)
- Re: UDP Port 137 - Now TCP 143 Lorens Kockum (Feb 08)
- Re: UDP Port 137 - Now TCP 143 John Ladwig (Feb 09)
- Re: UDP Port 137 - Now TCP 143 Cristiano Lincoln Mattos (Feb 08)
- Re: UDP Port 137 - Now TCP 143 Randy Witlicki (Feb 08)
- Re: UDP Port 137 - Now TCP 143 Daniel J. Gregor Jr. (Feb 08)
- Re: UDP Port 137 - Now TCP 143 Michael T. Shinn (Feb 09)
- <Possible follow-ups>
- Re: UDP Port 137 - Now TCP 143 Bill_Royds (Feb 08)
- Re: UDP Port 137 - Now TCP 143 David Gillett (Feb 10)
- RE: UDP Port 137 - Now TCP 143 David Bovee (Feb 11)
- Re: UDP Port 137 - Now TCP 143 David Gillett (Feb 10)
- Re: UDP Port 137 - Now TCP 143 Lorens Kockum (Feb 08)