Security Incidents mailing list archives

Re: Port 109 Scans

From: epadin () WAGWEB COM (Ed Padin)
Date: Mon, 8 May 2000 14:05:45 -0400


I've seen many of the scans have a source port of 0. Has anyone else seen
the same?

-----Original Message-----
From: Stone [mailto:ident () LINEONE NET]
Sent: Saturday, May 06, 2000 8:24 PM
To: INCIDENTS () SECURITYFOCUS COM
Subject: Re: Port 109 Scans


Hi

There is a commonly known exploit for pop2 server that gives
root priviledges, this is the reason for the increase in recent pop2
port scanning.

Hope that helps, Chris.
----- Original Message -----
From: "Eric Maiwald" <emaiwald () FRED NET>
To: <INCIDENTS () SECURITYFOCUS COM>
Sent: Thursday, May 04, 2000 2:14 PM
Subject: Port 109 Scans

We are seeing a large number of scans to port 109 (POP2).  I posted
a question on this about a month ago and no one had any good ideas
what the scanners were looking for.

Anyone have any better ideas?  Is there something new in POP2 or
are these individuals just looking for old systems?

Current thread:

Re: Port 109 Scans Ed Padin (May 08)
- <Possible follow-ups>
- Re: Port 109 Scans Eric Maiwald (May 08)
- Re: Port 109 Scans Security Guru (May 09)
- Re: Port 109 Scans Stephen P. Berry (May 09)
- Re: Port 109 Scans Stephen P. Berry (May 10)