Security Incidents mailing list archives

Re: Assistance on these ports ranges ??


From: Talisker <Talisker () NETWORKINTRUSION CO UK>
Date: Thu, 3 Aug 2000 22:11:29 +0100

James

More info needed. I take it you are being scanned on these ports; if so, is it
just these or are there more? Anyway, here's what I found, there's not much.
:o)

There's some info here, it's an RMON id document from the RMON MIB working
group, look for cisco-fna PROTOCOL-IDENTIFIER
http://www.ietf.org/proceedings/99mar/I-D/draft-ietf-rmonmib-rmonprot-mac-00.txt

There may be a clue to malicious intent in this guide to harmless hacking.
They may just be probing for routers or specifically Cisco routers
http://www.antionline.com/archives/text/gtmhh/vol3.html

Take Care

Andy

www.networkintrusion.co.uk
                    '''
                 (0 0)
  ----oOO----(_)----------
  | The geek shall        |
  |  Inherit the earth     |
  -----------------oOO----
               |__|__|
                  || ||
              ooO Ooo


The opinions contained within this transmission are entirely my own, and do
not necessarily reflect those of my employer.





----- Original Message -----
From: "Hackett, James" <James.Hackett () CWCOM CO UK>
To: <INCIDENTS () securityfocus com>
Sent: Thursday, August 03, 2000 2:51 PM
Subject: Assistance on these ports ranges ??


Hi,

Does anyone have any knowledge or uses for these ports? I have asked Cisco
on many occasions and got uninformative replies back stating "it must be in
the RFCs". I searched the Cisco web site and checked all RFCs to no avail.
Maybe Cisco just does not use them anymore, as they are very low down in the
port number sequence. Could they have been used on old legacy equipment?

For any pointers to enlighten me I would be most grateful.


130/tcp cisco FNATIVE cisco-fna
130/udp cisco FNATIVE cisco-fna
131/tcp cisco TNATIVE cisco-tna
131/udp cisco TNATIVE cisco-tna
132/tcp cisco SYSMAINT cisco-sys
132/udp cisco SYSMAINT cisco-sys


James Hackett
Senior Security Analyst
email: James.Hackett () cwcom co uk







