Security Incidents mailing list archives
Re: Strange behaviour
From: bejtlich () TEXAS NET (Richard Bejtlich)
Date: Sun, 16 Jan 2000 04:50:29 -0000
Hi Anthony,

Poking around the web, I found out port 2766 is typically part of an sscan, as reported by CERT, here:

http://www.cert.org/incident_notes/IN-99-01.html

That doc reports port 2766 tcp is "Solaris listen/nlps_server." Digging further it seems that port was used by Solaris to listen for incoming print jobs. Refs:

http://wugate.wustl.edu/~rachelle/printfaq2.html
http://ume.med.ucalgary.ca/usenet/Solaris/0047.html

As to the vulnerability, I'm not sure.

Richard

-----

I've seen two different attempts, all in the last 2 days, of tcp connection attempts to port 2766.

Regards,
Anthony Kehoe