Re: port 119

[scott () MORE NET (Scott Laws)]

hey all,

jammed.com has a web page (http://www.jammed.com/~newzbot) that scans for
open NNPT servers and compiles a list for people who dont hav access to
NNTP otherwise there is a forom to fill out to keep it from scanning you
or to remove yoru new server from thr list

Regards,
Scott

On Wed, 5 Jan 2000, R a v e N wrote:

> Port 119 is NNTP - Network News Transfer Protocol (for newsgroups. It
> works with TCP and UDP).
> Do you have an NNTP server on this host? 'Cause it could be someone
> exploiting it.
> It could also be someone trying to connect to a news server on your host
> (thinking that there is one there) which simply does not exist, or it
> could be some sort of an attack.
>
> --
> If a packet hits a pocket on a socket on a port
> And the bus is interrupted as a very last resort
> And the address of the memory makes the data link abort
> Then the socket packet pocket has an error to report.
>
> http://blacksun.box.sk
>
> Dariusz Zmokly wrote:
>
> > hi !
> >
> > I wonder what does it mean when someone wants to connect to my machine on
> > port 119. Is there any software that could do it or is it a scan ?
> >
> > Jan  2 01:27:41 rh-master portsentry[444]: attackalert: SYN/Normal scan from host: jammed.com/165.227.120.19 to TCP 
> > port: 119
> > Jan  3 09:22:52 rh-master portsentry[444]: attackalert: SYN/Normal scan from host: 
> > twhou-220-35.ev1.net/207.218.220.35 to TCP port: 119
> >
> > best regards :)
> > Dariusz Zmokly