Security Incidents mailing list archives

Re: Port 2000, 2002 scans

From: Erik Tayler <nine () 14x net>
Date: Tue, 12 Sep 2000 16:10:08 -0500

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

As in the previous e-mail,

If the user is not infected, read through RFC1445
http://www.cis.ohio-state.edu/htbin/rfc/rfc1445.html  [ or ]
http://www.landfield.com/rfcs/rfc1351.html


The above links are just an idea of what it may be. However, the
original poster didn't specify whether it was TCP/UDP.

Erik Tayler
14x Network Security
http://www.14x.net

- -----Original Message-----
From: Incidents Mailing List [mailto:INCIDENTS () SECURITYFOCUS COM]On
Behalf Of Arnold, Jamie
Sent: Tuesday, September 12, 2000 1:00 PM
To: INCIDENTS () SECURITYFOCUS COM
Subject: Re: Port 2000, 2002 scans


I have seen MANY machines with these ports open.  Too many, I think,
for it
to be Transcout.  Sounds like there must be another explanation for
this.



-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.3 for non-commercial use <http://www.pgp.com>

iQA/AwUBOb6brk0pQlPl0B0AEQJrPACgyNjArcIN+xerQGGku+RlxLKAcZoAoODf
/jBce/gsXPvI9+Qv9XkjdvVp
=PJow
-----END PGP SIGNATURE-----

Current thread:

Port 2000, 2002 scans L.A. Smith (Sep 12)
- Re: Port 2000, 2002 scans Elias Levy (Sep 12)
- AW: Port 2000, 2002 scans Roth, Peter (Sep 12)
- Re: Port 2000, 2002 scans Erik Tayler (Sep 12)
- <Possible follow-ups>
- Re: Port 2000, 2002 scans Arnold, Jamie (Sep 12)
  - Re: Port 2000, 2002 scans Erik Tayler (Sep 13)
- Re: Port 2000, 2002 scans Bruce Anhalt (Sep 13)
- Re: Port 2000, 2002 scans Stone, Sgt Michael A (Sep 13)