Security Incidents mailing list archives
Re: Port 2000, 2002 scans
From: Erik Tayler <nine () 14X NET>
Date: Mon, 11 Sep 2000 23:14:20 -0500
It is a possibility that "user" is infected with TransScout [ a somewhat old backdoor ]. For a FAQ and some more information about removing the backdoor, go to link below: http://members.tripod.de/transscout/tshelp.htm#faq1 If the user is not infected, read through RFC1445 http://www.cis.ohio-state.edu/htbin/rfc/rfc1445.html [ or ] http://www.landfield.com/rfcs/rfc1351.html Could probably be a multitude of other things, 2000 seems to be on of the "ports-of-choice" this year. Pfft. Erik Tayler http://www.14x.net/fx "L.A. Smith" wrote:
Hello! I have had hundreds of complaints from one user about port scans on his PC for ports 2000 and 2002. I know 2000 can be used for OpenWin. I haven't been able to get a straight answer from this person about what they're running but seeing as they use Jammer as their firewall software (heh, not my idea!), they must be running Windoze of some sort. Could someone shed some light as to what hundreds of IP addresses would want with their port 2000 and 2002? Thanks!
Current thread:
- Port 2000, 2002 scans L.A. Smith (Sep 12)
- Re: Port 2000, 2002 scans Elias Levy (Sep 12)
- AW: Port 2000, 2002 scans Roth, Peter (Sep 12)
- Re: Port 2000, 2002 scans Erik Tayler (Sep 12)
- <Possible follow-ups>
- Re: Port 2000, 2002 scans Arnold, Jamie (Sep 12)
- Re: Port 2000, 2002 scans Erik Tayler (Sep 13)
- Re: Port 2000, 2002 scans Bruce Anhalt (Sep 13)
- Re: Port 2000, 2002 scans Stone, Sgt Michael A (Sep 13)