Security Incidents mailing list archives

Re: portscan on tcp ports 1024 to 1280

From: Joshua_Hiller () aeanet org
Date: Wed, 17 Oct 2001 10:15:20 -0700



These are just a few, and some are actually appz / services that just
happen to run on those ports, and are exploitable.

I'm *positive* there are more, do we have any more information?    (Figured
I've give you the Trojan List at least... ;) )



1024 - NetSpy
1025 - Maverick's Matrix
1027/1029/1032/1033 - ICQ
1033 - Exploit Descent Manager Module
1042 - Rasmin
1045 - Rasmin
1080 - Socks / Wingate
1090 - Xtreme
1170 - Voice Streaming Audio
1207 - SoftWar
1234 - Ultris


- Me





"Fletcher Mattox" <fletcher () cs utexas edu> on 10/17/2001 10:05:39 AM

To:   incidents () securityfocus com
cc:

Subject:  portscan on tcp ports 1024 to 1280


What application or exploit probes every tcp port between 1024 and 1280
(i.e. 256 different ports in random order).  The source port is always
80 or 0.  Every host on our network is being scanned in this manner from
several different places.  Some source ip addresses are:

65.203.157.138
65.203.157.29
66.150.15.150
209.15.44.204

Thanks
Fletcher

----------------------------------------------------------------------------

This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com






----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Current thread:

portscan on tcp ports 1024 to 1280 Fletcher Mattox (Oct 17)
- Re: portscan on tcp ports 1024 to 1280 dr john halewood (Oct 17)
- <Possible follow-ups>
- Re: portscan on tcp ports 1024 to 1280 Joshua_Hiller (Oct 17)