Security Incidents mailing list archives
Re: Port 109 Scans
From: epadin () WAGWEB COM (Ed Padin)
Date: Mon, 8 May 2000 14:05:45 -0400
I've seen many of the scans have a source port of 0. Has anyone else seen the same?
-----Original Message----- From: Stone [mailto:ident () LINEONE NET] Sent: Saturday, May 06, 2000 8:24 PM To: INCIDENTS () SECURITYFOCUS COM Subject: Re: Port 109 Scans Hi There is a commonly known exploit for pop2 server that gives root priviledges, this is the reason for the increase in recent pop2 port scanning. Hope that helps, Chris. ----- Original Message ----- From: "Eric Maiwald" <emaiwald () FRED NET> To: <INCIDENTS () SECURITYFOCUS COM> Sent: Thursday, May 04, 2000 2:14 PM Subject: Port 109 ScansWe are seeing a large number of scans to port 109 (POP2). I posted a question on this about a month ago and no one had any good ideas what the scanners were looking for. Anyone have any better ideas? Is there something new in POP2 or are these individuals just looking for old systems?
Current thread:
- Re: Port 109 Scans Ed Padin (May 08)
- <Possible follow-ups>
- Re: Port 109 Scans Eric Maiwald (May 08)
- Re: Port 109 Scans Security Guru (May 09)
- Re: Port 109 Scans Stephen P. Berry (May 09)
- Re: Port 109 Scans Stephen P. Berry (May 10)