nanog mailing list archives
Re: Wierd portscans
From: "Justin Hinderliter" <justin () interaccess com>
Date: Wed, 31 Jan 2001 19:44:08 -0600
As an added note, there's no match for those UDP ports on l0pht, phrack, etc. either. Justin ----- Original Message ----- From: "Justin Hinderliter" <justin () interaccess com> To: "Elric" <elric () dse-nets com>; "North America Network Operators Group Mailing List" <nanog () merit edu> Sent: Wednesday, January 31, 2001 7:21 PM Subject: Re: Wierd portscans
Here's a list of services and their known port numbers. However, it appears that they're scanning for ports in the "reserved" or "unassigned" zones. It could be that they're scanning those ports just to see if you're allowing scans or blocking them/dropping them to a null route... before running a subsequent scan. Other than that, I'm not quite sure what they're looking for, to be truthful. One thought that comes to mind in regards to the high-numbered ports is whether they might think that that's a firewall running PAT/NAT, in which case, private IPs behind the firewall would end up showing up as high-numbered ports on the firewall. Is this on a gateway/firewall, and
if
so, are you running NAT/PAT? Justin Hinderliter Network Analyst InterAccess Co. Data CLEC ----- Original Message ----- From: "Elric" <elric () dse-nets com> To: "North America Network Operators Group Mailing List" <nanog () merit edu> Sent: Wednesday, January 31, 2001 5:12 PM Subject: Wierd portscansI've been going though my scanlogs and in the past couple of days I have seen someone trying to come in. Thier not getting in but im noticing
them
hitting a number of ports over and over. Primarily attempting udp port
0,
but also 35072, 41612, and 63240. I've done searches on Google,
Dejanews,
Bugtraq etc but can't seem to find out what these ports are. Just wondering if anyone had come across them ever.... - Elric--------------------------------------------------------------------------Network Administrator Dierking Scott
Enterprises
--------------------------------------------------------------------------
Current thread:
- Wierd portscans Elric (Feb 24)
- Re: Wierd portscans Avleen Vig (Feb 24)
- <Possible follow-ups>
- Re: Wierd portscans Justin Hinderliter (Feb 24)
- Re: Wierd portscans Justin Hinderliter (Feb 24)