Security Incidents mailing list archives

Previous By Date Next
Previous By Thread Next

Re: TCP port 403 (decap?)

From: "Robert G. Ferrell" <root () rgfsparc cr usgs gov>
Date: Thu, 12 Oct 2000 13:55:07 -0500
Does anyone have any knowledge of what "decap" is or have any guesses
as to what they were scanning for?


Well, I've always assumed 'decap' was short for 'decapsulation.'
I'm unclear as to why a tcp port would need to be assigned to that
function, but it's been around since at least RFC 1700 (1994), so
maybe it's a holdover from earlier days.  I doubt that there's a
specific exploit for 'decap' running around; they're probably just looking
for obscure/legacy listeners.

Cheers,

RGF

Robert G. Ferrell, CISSP
Information Systems Security Officer
National Business Center
U. S. Dept. of the Interior
Robert_G_Ferrell () nbc gov
========================================
 Who goeth without humor goeth unarmed.
========================================
Previous By Date Next
Previous By Thread Next

Current thread: