Security Incidents mailing list archives

Previous By Date Next
Previous By Thread Next

Re: port 119

From: tmolina () HOME COM (Thomas Molina)
Date: Tue, 4 Jan 2000 14:36:43 -0600

The interesting thing to me is the change in pattern I've seen.  Port
scans for port 1080 at my location are quite common.  I've got logs back
90 days; Through the end of December I only see one scan for port
119.  I've seen three separate incidents since the 1st of January.

On Mon, 3 Jan 2000, Robert Graham wrote:


Port 119 is used by NNTP (USENET news:).

Since USENET is used for lots of illegal/fringe activities, people hunt for
servers that they can post anonymously through, or download content from.
Several websites maintain lists of open NNTP servers found through such
scanning.

-----Original Message-----
From: Incidents Mailing List [mailto:INCIDENTS () securityfocus com]On
Behalf Of Dariusz Zmokly
Sent: Monday, January 03, 2000 3:33 AM
To: INCIDENTS () securityfocus com
Subject: port 119


hi !

I wonder what does it mean when someone wants to connect to my machine on
port 119. Is there any software that could do it or is it a scan ?

Jan  2 01:27:41 rh-master portsentry[444]: attackalert: SYN/Normal scan from
host: jammed.com/165.227.120.19 to TCP port: 119
Jan  3 09:22:52 rh-master portsentry[444]: attackalert: SYN/Normal scan from
host: twhou-220-35.ev1.net/207.218.220.35 to TCP port: 119
Previous By Date Next
Previous By Thread Next

Current thread: