Security Incidents mailing list archives
Re: port 768
From: bugtraq () NETWORKICE COM (Robert Graham)
Date: Thu, 27 Jan 2000 13:05:46 -0800
Linux puts a lot of its RPC services on ports between 512-1024. Since the installation of a distro doesn't have much variance, the result is that the same service will likely end up at the same port. Therefor, I'm guessing that the 768 is a rpc.mountd port common to the particular distro the hacker has an exploit for. I'm not sure how you identified the initial rpc.mountd (635 was common in RedHat 5.0 for mountd, or it may have been from an rpcbind getport on port 111). Robert Graham -----Original Message----- From: Incidents Mailing List [mailto:INCIDENTS () securityfocus com]On Behalf Of Guido A.J. Stevens Sent: Thursday, January 27, 2000 8:54 AM To: INCIDENTS () securityfocus com Subject: port 768 Hi folks, Somebody from South America is walking our ip range, trying for rpc.mountd and port 768. I've never seen port 768, does anybody know what they're looking for? :*CU# -- *** Guido A.J. Stevens *** mailto:gyst () nfg nl *** *** Net Facilities Group *** tel:+31.43.3618933 *** *** http://www.nfg.nl *** fax:+31.43.3560502 *** Around the world there are networks of spy stations and spy satellites which can intercept communications anywhere on the planet. [Hager, ISBN 0-908802-35-8, p.56]
Current thread:
- Re: No Idea, (continued)
- Re: No Idea Robert Graham (Jan 25)
- Possible Probe = Possible Malfunction Ron Gula (Jan 25)
- Possible attemt at hacking? Geir A. Bjune (Jan 25)
- Re: Possible attemt at hacking? Brendan Grieve (Jan 27)
- Re: ? Adam Boileau (Jan 25)
- Korea (was RE: ?) Fernando Cardoso (Jan 26)
- Strange DNS/TCP activity Pavel Kankovsky (Jan 26)
- Re: Strange DNS/TCP activity Asmodeus (Jan 27)
- Re: Strange DNS/TCP activity Roy Pait (Jan 27)
- port 768 Guido A.J. Stevens (Jan 27)
- Re: port 768 Robert Graham (Jan 27)
- Re: Strange DNS/TCP activity technot (Jan 27)
- Re: Strange DNS/TCP activity Richard Bejtlich (Jan 27)
- Connect thru PIX & ports 1727, 2209, 9200 CL: Nelson, Jeff (Jan 27)
- Re: Korea (again) Kim R. Rasmussen (Jan 26)
- Re: Korea (again) zeek (Jan 27)
- Re: Korea (again) Kim Roland Rasmussen (Jan 27)
- Re: Korea (again) Thomas Molina (Jan 27)
- Re: Korea (again) Rob Quinn (Jan 28)
- Re: Korea (again) Granquist, Lamont (Jan 27)
- Re: Korea (was RE: ?) horio shoichi (Jan 26)