Security Incidents mailing list archives
Re: Port 1243
From: bugtraq () NETWORKICE COM (Robert Graham)
Date: Fri, 17 Mar 2000 11:11:24 -0800
This is subseven/sub7. This has become the most popular Trojan horse scan on the Internet because the client can have one victim scan a range of IP addresses for other victims. Also, in my opinion, Sub7 is currently the "best" remote access trojan out there at this time. I recommend that everyone download and play with it in order to understand the hacker's point of view.

And of course I feel compelled to mention that most of the questions of the form "what does this port mean" are answered in the document:
http://www.robertgraham.com/pubs/firewall-seen.html#port1243

Robert Graham

-----Original Message-----
From: Incidents Mailing List [mailto:INCIDENTS () securityfocus com]On Behalf Of Omachonu Ogali
Sent: Thursday, March 16, 2000 6:42 AM
To: INCIDENTS () securityfocus com
Subject: Port 1243

Last night I received a port scan on all my IP's for a foreign dialup customer looking for port 1243. I talked to the rest of the network engineers and they reported it was a scan of our whole subnet. Anyone remember anything off head about this port?

(Each xxx.xxx.xxx.xxx represents a different IP address).

Connection attempt to TCP xxx.xxx.xxx.xxx:1243 from 209.94.212.136:3575
Connection attempt to TCP xxx.xxx.xxx.xxx:1243 from 209.94.212.136:3576
Connection attempt to TCP xxx.xxx.xxx.xxx:1243 from 209.94.212.136:3577
Connection attempt to TCP xxx.xxx.xxx.xxx:1243 from 209.94.212.136:3578
Connection attempt to TCP xxx.xxx.xxx.xxx:1243 from 209.94.212.136:3579
Connection attempt to TCP xxx.xxx.xxx.xxx:1243 from 209.94.212.136:3616
Connection attempt to TCP xxx.xxx.xxx.xxx:1243 from 209.94.212.136:3617
Connection attempt to TCP xxx.xxx.xxx.xxx:1243 from 209.94.212.136:3620
Connection attempt to TCP xxx.xxx.xxx.xxx:1243 from 209.94.212.136:3619
Connection attempt to TCP xxx.xxx.xxx.xxx:1243 from 209.94.212.136:3687
Connection attempt to TCP xxx.xxx.xxx.xxx:1243 from 209.94.212.136:3688
Connection attempt to TCP xxx.xxx.xxx.xxx:1243 from 209.94.212.136:3689
Connection attempt to TCP xxx.xxx.xxx.xxx:1243 from 209.94.212.136:3690
Connection attempt to TCP xxx.xxx.xxx.xxx:1243 from 209.94.212.136:3691
Connection attempt to TCP xxx.xxx.xxx.xxx:1243 from 209.94.212.136:3692
Connection attempt to TCP xxx.xxx.xxx.xxx:1243 from 209.94.212.136:3693
Connection attempt to TCP xxx.xxx.xxx.xxx:1243 from 209.94.212.136:3695
Connection attempt to TCP xxx.xxx.xxx.xxx:1243 from 209.94.212.136:3694
Connection attempt to TCP xxx.xxx.xxx.xxx:1243 from 209.94.212.136:3696
Connection attempt to TCP xxx.xxx.xxx.xxx:1243 from 209.94.212.136:3697
Connection attempt to TCP xxx.xxx.xxx.xxx:1243 from 209.94.212.136:3698
Connection attempt to TCP xxx.xxx.xxx.xxx:1243 from 209.94.212.136:3699
Connection attempt to TCP xxx.xxx.xxx.xxx:1243 from 209.94.212.136:3700
Connection attempt to TCP xxx.xxx.xxx.xxx:1243 from 209.94.212.136:3701
Connection attempt to TCP xxx.xxx.xxx.xxx:1243 from 209.94.212.136:3702
Connection attempt to TCP xxx.xxx.xxx.xxx:1243 from 209.94.212.136:3703
Connection attempt to TCP xxx.xxx.xxx.xxx:1243 from 209.94.212.136:3704

--
+-------------------------------------------------------------------------+
| Omachonu Ogali oogali () intranova net |
| Intranova Networking Group http://tribune.intranova.net |
| PGP Key ID: 0xBFE60839 |
| PGP Fingerprint: C8 51 14 FD 2A 87 53 D1 E3 AA 12 12 01 93 BD 34 |
+-------------------------------------------------------------------------+
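
The pattern in the quoted log (one source trying the same TCP port on many different addresses) can be flagged automatically. The following is an added example, not part of either post: it parses lines in the "Connection attempt to TCP" format shown above and reports such sources. The sample addresses are constructed from documentation ranges, and the threshold of 5 distinct targets is an assumption to tune per network.

```python
import re
from collections import defaultdict

# Matches the "Connection attempt to TCP dst:port from src:port" lines quoted above.
LINE_RE = re.compile(
    r"Connection attempt to TCP (?P<dst>\d{1,3}(?:\.\d{1,3}){3}):(?P<dport>\d+)"
    r" from (?P<src>\d{1,3}(?:\.\d{1,3}){3}):(?P<sport>\d+)"
)

def ip_key(addr):
    """Sort dotted quads numerically instead of as strings."""
    return tuple(int(part) for part in addr.split("."))

def find_horizontal_scans(lines, min_targets=5):
    """Return {(src, dport): [destinations]} for each source that tried the
    same TCP port on at least min_targets distinct addresses."""
    targets = defaultdict(set)
    for line in lines:
        m = LINE_RE.search(line)
        if m:  # lines in any other format are ignored
            targets[(m["src"], int(m["dport"]))].add(m["dst"])
    return {
        key: sorted(dsts, key=ip_key)
        for key, dsts in targets.items()
        if len(dsts) >= min_targets
    }

def sample_log():
    """Constructed sample: one sweep of port 1243 plus unrelated traffic."""
    lines = [
        f"Connection attempt to TCP 192.0.2.{i}:1243 from 198.51.100.7:{3575 + i}"
        for i in range(1, 9)
    ]
    lines += [
        # Repeated hits on one host and port are not a sweep across hosts.
        "Connection attempt to TCP 192.0.2.10:80 from 203.0.113.5:40211",
        "Connection attempt to TCP 192.0.2.10:80 from 203.0.113.5:40212",
        "Connection attempt to TCP 192.0.2.11:25 from 203.0.113.9:51000",
        "sshd[411]: unrelated log line",
    ]
    return lines

if __name__ == "__main__":
    for (src, port), dsts in find_horizontal_scans(sample_log()).items():
        print(f"{src} probed TCP/{port} on {len(dsts)} hosts: {dsts[0]} .. {dsts[-1]}")
```

Grouping by (source, destination port) and counting distinct destinations is what separates a subnet sweep like the one reported here from a single client retrying one server.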