Security Incidents mailing list archives
Re: PIX and port 9200
From: JNelson () CMCCONTROLS COM (CL: Nelson, Jeff)
Date: Tue, 1 Feb 2000 16:46:58 -0500
This is an update to my earlier post concerning an individual that compromised my PIX firewall. The compromise was not due to a failure of the PIX. It was due to unrestricted UDP access I left when I set up a conduit for monitoring my border router syslog.

I'm still curious as to what was used to make this connection to my NT box, how the intruder gained access to my subnet addresses, and what all the ports are used for.

Jeff Simpler provided me with this information on port 9200:

UDP port 9200 is used by the Wireless Application Protocol (http://www.wapforum.org). IANA lists them on the following well known ports:

  wap-wsp         9200/tcp   WAP connectionless session service
  wap-wsp         9200/udp   WAP connectionless session service
  wap-wsp-wtp     9201/tcp   WAP session service
  wap-wsp-wtp     9201/udp   WAP session service
  wap-wsp-s       9202/tcp   WAP secure connectionless session service
  wap-wsp-s       9202/udp   WAP secure connectionless session service
  wap-wsp-wtp-s   9203/tcp   WAP secure session service
  wap-wsp-wtp-s   9203/udp   WAP secure session service

The access point was a dial-up service in Orlando, FL.

My sincere thanks to those of you that have responded.

Cheers,
Jeff