Security Incidents mailing list archives
Re: TCP port 403 (decap?)
From: "Robert G. Ferrell" <root () rgfsparc cr usgs gov>
Date: Thu, 12 Oct 2000 13:55:07 -0500
Does anyone have any knowledge of what "decap" is or have any guesses as to what they were scanning for?
Well, I've always assumed 'decap' was short for 'decapsulation.' I'm unclear as to why a tcp port would need to be assigned to that function, but it's been around since at least RFC 1700 (1994), so maybe it's a holdover from earlier days. I doubt that there's a specific exploit for 'decap' running around; they're probably just looking for obscure/legacy listeners. Cheers, RGF Robert G. Ferrell, CISSP Information Systems Security Officer National Business Center U. S. Dept. of the Interior Robert_G_Ferrell () nbc gov ======================================== Who goeth without humor goeth unarmed. ========================================
Current thread:
- TCP port 403 (decap?) James Hoagland (Oct 11)
- <Possible follow-ups>
- Re: TCP port 403 (decap?) Robert G. Ferrell (Oct 13)