Security Incidents mailing list archives

Re: Port 109 scanning

From: azimuth <lozah () io com>
Date: Mon, 6 Nov 2000 17:34:26 CST

Howdy,

They're not necessarily looking to exploit POP2.  By developing a list of
systems running POP2, they can go back and look for something more tasty.
 A system running POP2 is one sign of an ill-configured & neglected Linux
box ... as is one listening to port 98 (linuxconf).  If you build a list
of systems running one of those services, chances are strong the systems
are running more commonly exploited services.
Much more profitable to use this technique than, say, scanning for every
FTP server in the world looking for vulnerable versions of WU-FTP.

my $.02,
cheers,
az

Current thread:

Port 109 scanning A.L.Lambert (Nov 07)
- Re: Port 109 scanning Jay D. Dyson (Nov 08)
- Re: Port 109 scanning Jander Sunstar (Nov 08)
- <Possible follow-ups>
- Re: Port 109 scanning azimuth (Nov 08)
- Re: Port 109 scanning Fernando Cardoso (Nov 08)
- Re: Port 109 scanning Andy Duncan (Nov 08)