Security Incidents mailing list archives

Re: First china, now russia?


From: chad () BEACHASSOCIATES COM (Chad Day)
Date: Mon, 31 Jan 2000 16:23:15 -0500


I have port 118 listed as sqlserv, and port 224 as masqdialer.

Chad

-----Original Message-----
From: Joseph Geyer [mailto:jgeyer () POSTALINNOVATIONS COM]
Sent: Sunday, January 30, 2000 3:14 PM
To: INCIDENTS () SECURITYFOCUS COM
Subject: First china, now russia?

I've been getting scanned quite frequently from China (I basically have the
entire country blackholed now).  Now they are coming from Russia.  The
curious thing is, they are using very interesting destination ports.  Here,
take a look:

(clipped)

I understand what some of these ports could have listening on them, but I
haven't seen anything that would run on ports 515, 118, 224, or 109.  Anyone
have a clue what this idiot could be looking for?  I know port 109 is POP2,
but who still uses POP2??  I also know that 515 is commonly used for the
printer and I could see a potential for a problem there.  But 118 and 224
still have me baffled.

-Joe

