Nmap Development mailing list archives
Re: Ports 27374 and 37907 not yet in nmap-services
From: "grendel warrior" <grendelwarrior () hotmail com>
Date: Sat, 03 Mar 2001 13:39:53 -0000
Hi, As you said SubSeven is a well known Trojan and it is used a lot on irc. I also know an Optivity Network Configuration System suite of utilities used by Nortel Networks.You might check it out on http://www.nortelnetworks.com as the suite is kinda big.
cya
From: Marek Michalkiewicz <marekm () amelek gda pl> To: nmap-dev () insecure org CC: marekm () linux org pl Subject: Ports 27374 and 37907 not yet in nmap-services Date: Fri, 2 Mar 2001 20:18:59 +0100 (CET) Hi, I have seen these two port numbers probed in real life, and not yet listed in nmap-services, or even in the huge list mentioned in that file (http://www.graffiti.com/services). Please consider adding them to the distributed nmap-services file, perhaps it helps someone... I've tried to find some info on these ports using a search engine, and here is what I found... (not much - most of what is found is a dozen of different web archives of the same two mailing lists) Port 27374/tcp (listed as "asp" - Address Search Protocol in the default /etc/services file that comes with Debian) appears to be used by some kind of Windows trojan (tried to connect to the box that probed me, something was listening there...) named SubSeven. Port 37907/tcp (not listed anywhere I can tell) appears to be used by something called Optivity (whatever that is - no idea...) probably running on Win9x, which also probes ports 80/tcp and 161/udp (snmp). I see probes on these ports mainly in a large LAN that is not reachable from the Internet, and I know who is doing it... That person (who happens to be the admin of that LAN) admits it (it's not IP spoofing), but doesn't want to tell me anything more - says it's top secret :). These probes are harmless, but still it would be nice to know more... If someone here has more information, links to more info about the above mentioned programs, especially the one using port 37907 - please let me know. Thanks, and keep up the good work! Marek --------------------------------------------------------------------- For help using this (nmap-dev) mailing list, send a blank email to nmap-dev-help () insecure org . List run by ezmlm-idx (www.ezmlm.org).
_________________________________________________________________________ Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com. ---------------------------------------------------------------------For help using this (nmap-dev) mailing list, send a blank email to nmap-dev-help () insecure org . List run by ezmlm-idx (www.ezmlm.org).
Current thread:
- Ports 27374 and 37907 not yet in nmap-services Marek Michalkiewicz (Mar 02)
- <Possible follow-ups>
- Re: Ports 27374 and 37907 not yet in nmap-services grendel warrior (Mar 03)