[lug] new port?
Greg Horne
jeerygh at hotmail.com
Mon Nov 19 12:31:02 MST 2001
Jeff,
According to SANS
(http://www.sans.org/newlook/resources/IDFAQ/oddports.htm) it's:
port 12345
cron / crontab,
Fat Bitch trojan,
GabanBus,
icmp_pipe.c,
Mypic ,
NetBus ,
NetBus Toy,
NetBus worm,
Pie Bill Gates,
Whack Job,
X-bill
Probably just somebody scanning for a backdoor.
- - -
Greg Horne
Monday, November 19, 2001, 12:56:24 AM, you wrote:
J> Oops, copied the wrong line...sorry. Here's the real line:
J> Nov 19 03:21:14 c1234567-a kernel: Packet log: input DENY eth0 PROTO=6
J> 61.79.156.104:2790 24.xx.xxx.xxx:12345 L=48 S=0x00 I=18323 F=0x4000
J> T=111 SYN (#10)
J> Sorry about that. Does anybody know what port 12345 is?
J> Paul Walmsley wrote:
>>
>> On Sun, 18 Nov 2001, Jeff wrote:
>>
>> > -- Nov 18 21:03:39 c1234567-a kernel: Packet log: input DENY eth0
>> > PROTO=6 24.22.172.43:4583 24.xx.xxx.xxx:80 L=48 S=0x00 I=37155 F=0x4000
>> > T=125 SYN (#24)
>> >
>> > Does anybody know what this is??? Thanks.
>>
>> ... someone trying to access an HTTP server on your box?
>>
>> $ egrep ' 80/tcp' /etc/services
>> http 80/tcp World Wide Web HTTP
>> www 80/tcp World Wide Web HTTP
>> www-http 80/tcp World Wide Web HTTP
>>
>> - Paul
>>
>> _______________________________________________
>> Web Page: http://lug.boulder.co.us
>> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
J> --
J> "Yet they are mistaken, they will be exposed, and they will discover
J> what
J> others in the past have learned; Those who make war against the United
J> States have chosen their own destruction."
J> G. Bush Jr. Sept '01
J> _______________________________________________
J> Web Page: http://lug.boulder.co.us
J> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
__________________________________________________
Manage your Hotmail with ANY email application:
Get Pop3Hot at <http://pop3hot.com/main.htm>
More information about the LUG
mailing list