Security Incidents mailing list archives
Re: NTP scan ????
From: Russell Fulton <R.FULTON () auckland ac nz>
Date: 28 Feb 2002 09:16:55 +1300
On Wed, 2002-02-27 at 14:52, Will Aoki wrote:
On Wed, Feb 27, 2002 at 10:43:19AM +1300, Russell Fulton wrote:
(213.237.6.5) at 22:13 GMT-7 on the 20th, but I figured that it must be something other than NTP, since AFAIK NTP only runs over UDP.
Possibly but tcp-123 is reserved for NTP... Another thought that occurred to me was that it was a typo and they meant to scan for 1234 or 12345, both popular trojan ports, This seems unlikely since it would appear that this wasn't a single scan. -- Russell Fulton, Computer and Network Security Officer The University of Auckland, New Zealand ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- NTP scan ???? Russell Fulton (Feb 26)
- Re: NTP scan ???? Paul Gear (Feb 27)
- Re: NTP scan ???? Will Aoki (Feb 27)
- Re: NTP scan ???? Russell Fulton (Feb 27)
- Re: NTP scan ???? Paul Gear (Feb 28)
- Re: NTP scan ???? Russell Fulton (Feb 27)
- Re: NTP scan ???? John Kristoff (Feb 28)