Security Incidents mailing list archives

Re: Port 109 Scans

From: ident () LINEONE NET (Stone)
Date: Sun, 7 May 2000 01:24:16 +0100


Hi

There is a commonly known exploit for pop2 server that gives
root priviledges, this is the reason for the increase in recent pop2
port scanning.

Hope that helps, Chris.

----- Original Message -----
From: "Eric Maiwald" <emaiwald () FRED NET>
To: <INCIDENTS () SECURITYFOCUS COM>
Sent: Thursday, May 04, 2000 2:14 PM
Subject: Port 109 Scans

We are seeing a large number of scans to port 109 (POP2).  I posted
a question on this about a month ago and no one had any good ideas
what the scanners were looking for.

Anyone have any better ideas?  Is there something new in POP2 or
are these individuals just looking for old systems?

Eric

---------------------------------------------------------------------
Eric Maiwald                                        emaiwald () fred net
So Many Hobbies, So little time
---------------------------------------------------------------------

Current thread:

Re: Lots netbios scans (udp 137), (continued)
- Re: Lots netbios scans (udp 137) Greg A. Woods (May 03)
  - Re: Lots netbios scans (udp 137) Bryan Andersen (May 03)
  - odd message showing up logs... Josh Burroughs (May 04)
    - Re: odd message showing up logs... Rick Redman (May 06)
    - amd exploit(ed)? Paulo Ribeiro (May 07)
    - Re: amd exploit(ed)? Mike Murray (May 08)
    - Re: amd exploit(ed)? Erich Meier (May 09)
    - Re: amd exploit(ed)? Jim Zajkowski (May 09)
    - Re: odd message showing up logs... Robert Graham (May 07)
  - Port 109 Scans Eric Maiwald (May 04)
    - Re: Port 109 Scans Stone (May 06)
  - Re: Lots netbios scans (udp 137) Erich Meier (May 04)
    - Re: Lots netbios scans (udp 137) Greg A. Woods (May 04)
  - Oversized packets Paulo Ribeiro (May 04)
    - Re: Oversized packets Keith Owens (May 06)