Firewall Wizards mailing list archives
RE: UDP Port 137 - Now TCP Port 143
From: "Burgess, John (EDS)" <jburgess () railtex com>
Date: Mon, 8 Feb 1999 14:53:30 -0600
FYI. I did some further checking of my logs (thanks to Randi for the pointer to rfc1700 - I hadn't looked at those in a long time), and it seems there were some probes on ports 110, 111, 137, 635??? and 143 from various domains. I checked CERT and there is an old advisory on a Sun RPC exploit on port 111.

Since I don't believe this could be accidental, I contacted the registered owner of the domain where that traffic originated from and sure enough, his DNS server has been compromised. It seems all his log files have been wiped clean this AM.....

-----Original Message-----
From: Burgess, John (EDS)
Sent: Friday, February 05, 1999 4:26 PM
To: 'firewall-wizards () nfr net'
Subject: UDP Port 137 - Now TCP 143

Thanks to all who responded regarding UDP port 137. I learned some interesting facts.

I got a new one this morning. Does anyone know why someone/something would be hitting TCP port 143? This was at 2:30 AM from bay-030-b5.codetel.net.do (206.105.238.30 - Dominican Republic - a router?) Protocol=TCP Port 2734->143?

JB