Re: Port 1243

[fernando () BN PT (Fernando Cardoso)]

It seems that someone scanned your network looking for a backdoor called
SubSeven, which uses port 1243. Check their website for details:
http://subseven.slak.org/

Fernando

______________________________________________
Fernando Cardoso
Network Administrator
National Library of Portugal 

> -----Original Message-----
> From: Omachonu Ogali [mailto:oogali () INTRANOVA NET]
> Sent: quinta-feira, 16 de Março de 2000 14:42
> To: INCIDENTS () SECURITYFOCUS COM
> Subject: Port 1243
>
>
> Last night I received a port scan on all my IP's for a foreign dialup
> customer looking for port 1243. I talked to the rest of the network
> engineers and they reported it was a scan of our whole subnet. Anyone
> remember anything off head about this port? (Each xxx.xxx.xxx.xxx
> represents a different IP address).
>
> > Connection attempt to TCP xxx.xxx.xxx.xxx:1243 from 
> 209.94.212.136:3575
> > Connection attempt to TCP xxx.xxx.xxx.xxx:1243 from 
> 209.94.212.136:3576
> > Connection attempt to TCP xxx.xxx.xxx.xxx:1243 from 
> 209.94.212.136:3577
> > Connection attempt to TCP xxx.xxx.xxx.xxx:1243 from 
> 209.94.212.136:3578
> > Connection attempt to TCP xxx.xxx.xxx.xxx:1243 from 
> 209.94.212.136:3579
> > Connection attempt to TCP xxx.xxx.xxx.xxx:1243 from 
> 209.94.212.136:3616
> > Connection attempt to TCP xxx.xxx.xxx.xxx:1243 from 
> 209.94.212.136:3617
> > Connection attempt to TCP xxx.xxx.xxx.xxx:1243 from 
> 209.94.212.136:3620
> > Connection attempt to TCP xxx.xxx.xxx.xxx:1243 from 
> 209.94.212.136:3619
> > Connection attempt to TCP xxx.xxx.xxx.xxx:1243 from 
> 209.94.212.136:3687
> > Connection attempt to TCP xxx.xxx.xxx.xxx:1243 from 
> 209.94.212.136:3688
> > Connection attempt to TCP xxx.xxx.xxx.xxx:1243 from 
> 209.94.212.136:3689
> > Connection attempt to TCP xxx.xxx.xxx.xxx:1243 from 
> 209.94.212.136:3690
> > Connection attempt to TCP xxx.xxx.xxx.xxx:1243 from 
> 209.94.212.136:3691
> > Connection attempt to TCP xxx.xxx.xxx.xxx:1243 from 
> 209.94.212.136:3692
> > Connection attempt to TCP xxx.xxx.xxx.xxx:1243 from 
> 209.94.212.136:3693
> > Connection attempt to TCP xxx.xxx.xxx.xxx:1243 from 
> 209.94.212.136:3695
> > Connection attempt to TCP xxx.xxx.xxx.xxx:1243 from 
> 209.94.212.136:3694
> > Connection attempt to TCP xxx.xxx.xxx.xxx:1243 from 
> 209.94.212.136:3696
> > Connection attempt to TCP xxx.xxx.xxx.xxx:1243 from 
> 209.94.212.136:3697
> > Connection attempt to TCP xxx.xxx.xxx.xxx:1243 from 
> 209.94.212.136:3698
> > Connection attempt to TCP xxx.xxx.xxx.xxx:1243 from 
> 209.94.212.136:3699
> > Connection attempt to TCP xxx.xxx.xxx.xxx:1243 from 
> 209.94.212.136:3700
> > Connection attempt to TCP xxx.xxx.xxx.xxx:1243 from 
> 209.94.212.136:3701
> > Connection attempt to TCP xxx.xxx.xxx.xxx:1243 from 
> 209.94.212.136:3702
> > Connection attempt to TCP xxx.xxx.xxx.xxx:1243 from 
> 209.94.212.136:3703
> > Connection attempt to TCP xxx.xxx.xxx.xxx:1243 from 
> 209.94.212.136:3704
>
> --
> +-------------------------------------------------------------
> ------------+
> | Omachonu Ogali                                     
> oogali () intranova net |
> | Intranova Networking Group                 
http://tribune.intranova.net |
| PGP Key ID:
0xBFE60839 |
| PGP Fingerprint:       C8 51 14 FD 2A 87 53 D1  E3 AA 12 12 01 93 BD
34 |
+-----------------------------------------------------------------------
--+