Security Incidents mailing list archives
Re: Korea (again)
From: lamont () ICOPYRIGHT COM (Granquist, Lamont)
Date: Thu, 27 Jan 2000 09:14:43 -0800
nmap-services has 4333/tcp listed as msql. is there an msql exploit out there? hmmm... http://oliver.efri.hr/~crv/security/bugs/mUNIXes/msql5.html ? On Thu, 27 Jan 2000, Kim R. Rasmussen wrote:
I have also had a wide range of portscannings from Korean hosts. As Fernando, most scannings are aimed at port 111 but there are also some other exotic ports among them - especially port 2974 and 4333 seem to be of great interest. Anyone familiar with those ? ----- Original Message ----- From: Fernando Cardoso <fernando () BN PT> To: <INCIDENTS () SECURITYFOCUS COM> Sent: Wednesday, January 26, 2000 8:52 PM Subject: Korea (was RE: ?)I have LOTS of portscanning (mostly to port 111) from a number of hosts in Korea. I portscanned them back and find out that at least a couple of them had port 2222 open. A telnet to that port droped me in a rootshell without being asked for any password.... Fernando
Current thread:
- port 768, (continued)
- port 768 Guido A.J. Stevens (Jan 27)
- Re: port 768 Robert Graham (Jan 27)
- Re: Strange DNS/TCP activity technot (Jan 27)
- Re: Strange DNS/TCP activity Richard Bejtlich (Jan 27)
- Connect thru PIX & ports 1727, 2209, 9200 CL: Nelson, Jeff (Jan 27)
- Re: Korea (again) Kim R. Rasmussen (Jan 26)
- Re: Korea (again) zeek (Jan 27)
- Re: Korea (again) Kim Roland Rasmussen (Jan 27)
- Re: Korea (again) Thomas Molina (Jan 27)
- Re: Korea (again) Rob Quinn (Jan 28)
- Re: Korea (again) Granquist, Lamont (Jan 27)
- Re: Korea (was RE: ?) horio shoichi (Jan 26)
- Re: Korea (was RE: ?) David Brumley (Jan 27)
- Re: Korea (was RE: ?) Patrick Oonk (Jan 28)
- Re: Korea (was RE: ?) Arrigo Triulzi (Jan 28)
- Re: Korea (was RE: ?) Dug Song (Jan 28)
- Re: Korea (was RE: ?) Patrick Oonk (Jan 28)
- DNS update queries: another sort of suspicious activity. Fyodor (Jan 28)
- Re: DNS update queries: another sort of suspicious activity. Patrick Oonk (Jan 28)
- Re: DNS update queries: another sort of suspicious activity. Fyodor (Jan 28)
- Re: DNS update queries: another sort of suspicious activity. Patrick Oonk (Jan 28)