[lug] outgoing port 220 exploit?
D. Stimits
stimits at comcast.net
Tue Jan 20 14:49:32 MST 2004
Jordan Crouse wrote:
> On Tue, 20 Jan 2004 12:47:45 -0700
> Kevin Fenzi wrote:
>
>
> >The packet comes in to port 6129 on your machines, and they have setup
> >their incoming packet so the reply goes back to port 220 on the
> >sending machine (in this case it should be a connection refused,
> >unless you are running DameWare).
>
>
> But incoming packets to 6129 will go to the bit bucket if there isn't
> anything running that will listen to them.
Going to work with nmap also, but I think the 3 separate major versions
of KRUD doing same thing at staggered intervals is a relay. 6129 is the
local port during outgoing packets, not incoming. The destination port
is tcp 220. I have been unable to find anything creating this as a local
process but am working on it still.
D. Stimits, stimits AT comcast DOT net
More information about the LUG
mailing list