Security Basics mailing list archives

Previous By Date Next
Previous By Thread Next

RE: newbie wanting some info !!

From: "Ryan Belcher" <Ryanb () sealevel com>
Date: Tue, 19 Aug 2003 12:53:17 -0400
Hi Ozzy,

Port 80 is for HTTP traffic and port 21 is for FTP traffic, people love to scan around those ports all day long.  It's 
gotten to the point to where I just ignore most of that traffic at home since it's so prevalent.  If you're actually 
running a FTP or Web server, I may be more aloof and look for specific types of requests to and fro, but on the most 
part, I wouldn't worry too much.

Ryan

-----Original Message-----
From: osden [mailto:osden77 () hotmail com]
Sent: Tuesday, August 19, 2003 3:59 AM
To: Security-basics () SecurityFocus com
Cc: incidents () securityfocus com
Subject: newbie wanting some info !!


Cheers to all......

i have a ADSL connection to my home PC and have NAV and ZONE ALARM installed
as my AV and Firewall. Zone Alarm has been set to the highest security
settings. I have a utility called Attacker from www.foundstone.com listening
at my ports. I have been observing all kind of scans from this following IPs

207.40.146.171     dsl-d-171.nortex.net
203.241.146.5       user5.s146.samsung.co.kr
66.75.223.169       cpe-66-75-223-169.bak.rr.com

trying to connect to my port 80 from various ports. repeatedly also i have
this IP scanning repeatedly at my port 21  from various ports:

80.181.56.143        host143-56.pool80181.interbusiness.it

Well when i scan them back every host that is found LIVE has Port 5000
listening. Is this something to do with that?? or is anyone else also
experiencing something like that. According to my information port 5000
[UPnP / filmaker.com / Socket de Troie (Windows Trojan)] else the box is
Win32 listening to auto detection of hardware.

Can anyone comment on this and let me know. Any information provided will be
really helpful. Thankx in advance.

Kind Regards,
Ozzy

[SCAN EVERYTHING]

Kind Regards,
Osden Fernandes

[SCAN EVERYTHING]

---------------------------------------------------------------------------
Captus Networks - Integrated Intrusion Prevention and Traffic Shaping  
 - Instantly Stop DoS/DDoS Attacks, Worms & Port Scans
 - Automatically Control P2P, IM and Spam Traffic
 - Ensure Reliable Performance of Mission Critical Applications
 - Precisely Define and Implement Network Security and Performance Policies
**FREE Vulnerability Assessment Toolkit - WhitePapers - Live Demo
Visit us at: 
http://www.securityfocus.com/sponsor/CaptusNetworks_incidents_030814
----------------------------------------------------------------------------


---------------------------------------------------------------------------
----------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: