Security Incidents mailing list archives

Previous By Date Next
Previous By Thread Next

Re: PIX and port 9200

From: JNelson () CMCCONTROLS COM (CL: Nelson, Jeff)
Date: Tue, 1 Feb 2000 16:46:58 -0500

This is an update to my earlier post concerning an individual that
compromised my PIX firewall. The compromise was not due to a failure of the
PIX. It was due to unrestricted UDP access I left when I set up a conduit
for monitoring my border router syslog.

I'm still curious as to what was used to make this connection to my NT box,
how the intruder gained access to my subnet addresses, and what all the
ports are used for.

Jeff Simpler provided me with this information on port 9200:
UDP port 9200 is used by the Wireless Application Protocol
(http://www.wapforum.org) <http://www.wapforum.org)> .  IANA lists them on
the following well known ports:
wap-wsp         9200/tcp    WAP connectionless session service
wap-wsp         9200/udp    WAP connectionless session service
wap-wsp-wtp             9201/tcp    WAP session service
wap-wsp-wtp             9201/udp    WAP session service
wap-wsp-s               9202/tcp    WAP secure connectionless session
service
wap-wsp-s               9202/udp    WAP secure connectionless session
service
wap-wsp-wtp-s   9203/tcp    WAP secure session service
wap-wsp-wtp-s   9203/udp    WAP secure session service

The access point was a dial-up service in Orlando, FL.

My sincere thanks to those of you that have responded.

Cheers,

Jeff
Previous By Date Next
Previous By Thread Next

Current thread: