Security Incidents mailing list archives
Re: Port 1243
From: fernando () BN PT (Fernando Cardoso)
Date: Fri, 17 Mar 2000 10:21:41 -0000
It seems that someone scanned your network looking for a backdoor called SubSeven, which uses port 1243. Check their website for details: http://subseven.slak.org/ Fernando ______________________________________________ Fernando Cardoso Network Administrator National Library of Portugal
-----Original Message----- From: Omachonu Ogali [mailto:oogali () INTRANOVA NET] Sent: quinta-feira, 16 de Março de 2000 14:42 To: INCIDENTS () SECURITYFOCUS COM Subject: Port 1243 Last night I received a port scan on all my IP's for a foreign dialup customer looking for port 1243. I talked to the rest of the network engineers and they reported it was a scan of our whole subnet. Anyone remember anything off head about this port? (Each xxx.xxx.xxx.xxx represents a different IP address).Connection attempt to TCP xxx.xxx.xxx.xxx:1243 from209.94.212.136:3575Connection attempt to TCP xxx.xxx.xxx.xxx:1243 from209.94.212.136:3576Connection attempt to TCP xxx.xxx.xxx.xxx:1243 from209.94.212.136:3577Connection attempt to TCP xxx.xxx.xxx.xxx:1243 from209.94.212.136:3578Connection attempt to TCP xxx.xxx.xxx.xxx:1243 from209.94.212.136:3579Connection attempt to TCP xxx.xxx.xxx.xxx:1243 from209.94.212.136:3616Connection attempt to TCP xxx.xxx.xxx.xxx:1243 from209.94.212.136:3617Connection attempt to TCP xxx.xxx.xxx.xxx:1243 from209.94.212.136:3620Connection attempt to TCP xxx.xxx.xxx.xxx:1243 from209.94.212.136:3619Connection attempt to TCP xxx.xxx.xxx.xxx:1243 from209.94.212.136:3687Connection attempt to TCP xxx.xxx.xxx.xxx:1243 from209.94.212.136:3688Connection attempt to TCP xxx.xxx.xxx.xxx:1243 from209.94.212.136:3689Connection attempt to TCP xxx.xxx.xxx.xxx:1243 from209.94.212.136:3690Connection attempt to TCP xxx.xxx.xxx.xxx:1243 from209.94.212.136:3691Connection attempt to TCP xxx.xxx.xxx.xxx:1243 from209.94.212.136:3692Connection attempt to TCP xxx.xxx.xxx.xxx:1243 from209.94.212.136:3693Connection attempt to TCP xxx.xxx.xxx.xxx:1243 from209.94.212.136:3695Connection attempt to TCP xxx.xxx.xxx.xxx:1243 from209.94.212.136:3694Connection attempt to TCP xxx.xxx.xxx.xxx:1243 from209.94.212.136:3696Connection attempt to TCP xxx.xxx.xxx.xxx:1243 from209.94.212.136:3697Connection attempt to TCP xxx.xxx.xxx.xxx:1243 from209.94.212.136:3698Connection attempt to TCP xxx.xxx.xxx.xxx:1243 from209.94.212.136:3699Connection attempt to TCP xxx.xxx.xxx.xxx:1243 from209.94.212.136:3700Connection attempt to TCP xxx.xxx.xxx.xxx:1243 from209.94.212.136:3701Connection attempt to TCP xxx.xxx.xxx.xxx:1243 from209.94.212.136:3702Connection attempt to TCP xxx.xxx.xxx.xxx:1243 from209.94.212.136:3703Connection attempt to TCP xxx.xxx.xxx.xxx:1243 from209.94.212.136:3704 -- +------------------------------------------------------------- ------------+ | Omachonu Ogali oogali () intranova net | | Intranova Networking Group
http://tribune.intranova.net | | PGP Key ID: 0xBFE60839 | | PGP Fingerprint: C8 51 14 FD 2A 87 53 D1 E3 AA 12 12 01 93 BD 34 | +----------------------------------------------------------------------- --+
Current thread:
- Re: Port 1243 Fernando Cardoso (Mar 17)