Often the folks in the Warez scene will hack into a machine and
install a hidden FTP server set to run on these higher port numbers. The
idea being that they are safe because so few applications/services actually
use these ports the network/systems admins won't think to look there.
Ken Hayes
Network Administrator
Eastbay / Footlocker.com
Wausau, WI Offices
(715) 261-9573
[EMAIL PROTECTED]
To: [EMAIL PROTECTED]
cc:
Rolf Jürrens Subject: Slow scan on high-ports?
<security@rolf-juerrens.
de>
Sent by:
<[EMAIL PROTECTED]>
10/29/2002 12:39 AM
Hi everyone,
in our firewall-logs I see a slow scan over our whole network from one IP
address on tcp ports >65300. The scan lasts now about 24 hours with only 50
packets. What is the purpose of such a scan? Since all ports are normally
closed in these ranges, no one can expect to gather information about a
network - am I right? Or are there any interesting ports in this range? By
the way: the IP address appears in the dshield.org database as an attacker
address.
Greetings
Rolf
______________________________________________________________________________
Die drei G des Glücks: Gemeinsam garantiert gewinnen!
Jetzt mittippen! https://spielgemeinschaften.web.de/?mc=021101
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - - - - - - - - - -
The information in this e-mail, and any attachment therein, is confidential
and for use by the addressee only. If you are not the intended recipient,
please return the e-mail to the sender and delete it from your computer.
Although the Company attempts to sweep e-mail and attachments for viruses,
it does not guarantee that either are virus-free and accepts no liability
for any damage sustained as a result of viruses.
