Security Incidents mailing list archives

Re: Port scan (106 and 389)

From: naif () INET IT (Fabio Pietrosanti)
Date: Thu, 29 Jun 2000 08:55:11 +0200

Fromnmap-services

pop3pw            106/tcp    # Eudora compatible PW changer
ldap              389/tcp    # Lightweight Directory Access Protocol

naif

On Wed, 28 Jun 2000, Chris Laycock wrote:

Someone or something has tried to connect to ports 106 and 389 on all the PC's on my home LAN.  What are these ports 
used for?  Why would anyone try to connect?

Chris

Current thread:

Re: funky syslog entry, (continued)
- - - Re: funky syslog entry Chris West (Jun 29)
    - wuftp exploit Toby Miller (Jun 28)
    - Re: wuftp exploit Daniel Jacobowitz (Jun 28)
    - Permissions Derick Schuetz (Jun 27)
    - Re: Permissions Valdis Kletnieks (Jun 27)
    - Re: Permissions Jon Lewis (Jun 27)
    - Probes for MySQL under Linux? Ralf G. R. Bergs (Jun 27)
    - Re: Probes for MySQL under Linux? Tabor J. Wells (Jun 27)
    - Port scan (106 and 389) Chris Laycock (Jun 28)
    - Compromise and Bind Replacement Scott Brown (Jun 28)
    - Re: Port scan (106 and 389) Fabio Pietrosanti (Jun 28)
    - Re: Probes for MySQL under Linux? Al Huger - Mail Account (Jun 28)
    - Was I exploited? Narins, Joshua (Jun 29)
    - Re: Was I exploited? Russ Spooner (Jun 29)
    - Re: Nike Site taken over Ballard, James (Jun 27)
    - port 1433? Sir Scriptzalot (Jun 25)
    - Re: port 1433? Jason Witty (Jun 27)
    - Port 1433 Edwin Concepcion (Jun 26)
  - Re: Nike Site taken over x-empt (Jun 23)
- Port 7070? PARKIN, MICHAEL (PBI) (Jun 22)
  - Re: Port 7070? Ryan Russell (Jun 22)

(Thread continues...)