Security Incidents mailing list archives
Re: Port 2000, 2002 scans
From: "Arnold, Jamie" <harnold () BINGHAMTON EDU>
Date: Tue, 12 Sep 2000 14:00:06 -0400
I have seen MANY machines with these ports open. Too many, I think, for it to be Transcout. Sounds like there must be another explanation for this. -----Original Message----- From: Erik Tayler [mailto:nine () 14X NET] Sent: Tuesday, September 12, 2000 12:14 AM To: INCIDENTS () SECURITYFOCUS COM Subject: Re: Port 2000, 2002 scans It is a possibility that "user" is infected with TransScout [ a somewhat old backdoor ]. For a FAQ and some more information about removing the backdoor, go to link below: http://members.tripod.de/transscout/tshelp.htm#faq1 If the user is not infected, read through RFC1445 http://www.cis.ohio-state.edu/htbin/rfc/rfc1445.html [ or ] http://www.landfield.com/rfcs/rfc1351.html Could probably be a multitude of other things, 2000 seems to be on of the "ports-of-choice" this year. Pfft. Erik Tayler http://www.14x.net/fx "L.A. Smith" wrote:
Hello! I have had hundreds of complaints from one user about port scans on his PC for ports 2000 and 2002. I know 2000 can be used for OpenWin. I haven't been able to get a straight answer from this person about what they're running but seeing as they use Jammer as their firewall software (heh, not my idea!), they must be running Windoze of some sort. Could someone shed some light as to what hundreds of IP addresses would want with their port 2000 and 2002? Thanks!
Current thread:
- Port 2000, 2002 scans L.A. Smith (Sep 12)
- Re: Port 2000, 2002 scans Elias Levy (Sep 12)
- AW: Port 2000, 2002 scans Roth, Peter (Sep 12)
- Re: Port 2000, 2002 scans Erik Tayler (Sep 12)
- <Possible follow-ups>
- Re: Port 2000, 2002 scans Arnold, Jamie (Sep 12)
- Re: Port 2000, 2002 scans Erik Tayler (Sep 13)
- Re: Port 2000, 2002 scans Bruce Anhalt (Sep 13)
- Re: Port 2000, 2002 scans Stone, Sgt Michael A (Sep 13)