Security Incidents mailing list archives
Re: port 9704 scans
From: Vitaly Osipov <vos () TELENOR CZ>
Date: Fri, 8 Sep 2000 17:57:11 +0200
ok, i'm stupid :) search on securityfocus gives even CERT alert about that compromise - something from rpc area. http://www.securityfocus.com/templates/archive.pike?list=1&mid=77042 http://www.securityfocus.com/templates/advisory.html?id=2540 etc. One more comment - how very lazy those scriptkids are nowadays :) they do not want to compromize the system by themselves, but just scanning if somebody else has done it before... regards, Vitaly. ----- Original Message ----- From: "Vitaly Osipov" <vos () gate int1 telenor cz> To: <INCIDENTS () SECURITYFOCUS COM> Sent: Friday, September 08, 2000 2:26 PM Subject: port 9704 scans
Hi all, I am just curious, what was that guy scanning for - i have packets like
one
below directed to all hosts in my net... 09/08-10:55:57.081848 0:90:F2:55:F0:0 -> 0:60:8:CE:FC:C1 type:0x800
len:0x3C
24.141.204.108:9704 -> xxx.xx.xx.xx:9704 TCP TTL:23 TOS:0x0 ID:39426 **SF**** Seq: 0x1FFE9308 Ack: 0x62D853AD Win: 0x404 they are syn-fin packets with source and destination ports 9704. I have
not
found any references to any trojans using this port. regards, Vitaly.
Current thread:
- port 9704 scans Vitaly Osipov (Sep 08)
- Re: port 9704 scans Vitaly Osipov (Sep 08)
- Re: port 9704 scans Chris 'Chipper' Chiapusio (Sep 08)
- Re: port 9704 scans Matthew F. Caldwell (Sep 08)