Security Incidents mailing list archives
Re: odd scan
From: "Daniel R. Warner" <drwarner () SLEET LAKEHEADU CA>
Date: Sun, 4 Feb 2001 14:13:54 -0500
Those ports will be scanned to get a rough idea of what kind of box it is. Unix-y hosts usually have ports 23 and 79 open, and windows hosts usually don't. Port 81 is a common place to "hide" a webserver if you don't want people stumbling across it. Hope this helps! Dan Kevin Holmquist wrote:
Any ideas why they would check ports 23, 79, 81? I know 23 is telnet and 79 is finger, but I haven't seen exploits for those lately (other than telnet being insecure). Also, why port 81? Any new exploits for these ports? I've seen reports of scans for 23 and 81 on sans.org, but noone seemed to know anything about them. BTW, this is from snort, using snort.org's full ruleset dated 1/25/2001. snort didn't recognize the scanner used... Thanks! Kevin
Current thread:
- odd scan Kevin Holmquist (Feb 04)
- Re: odd scan Jose Nazario (Feb 04)
- Re: odd scan Daniel R. Warner (Feb 04)