[lug] outgoing port 220 exploit?

D. Stimits stimits at comcast.net
Tue Jan 20 14:49:32 MST 2004


Jordan Crouse wrote:

> On Tue, 20 Jan 2004 12:47:45 -0700
> Kevin Fenzi  wrote:
>
>
> >The packet comes in to port 6129 on your machines, and they have setup
> >their incoming packet so the reply goes back to port 220 on the
> >sending machine (in this case it should be a connection refused,
> >unless you are running DameWare).
>
>
> But incoming packets to 6129 will go to the bit bucket if there isn't
> anything running that will listen to them.

Going to work with nmap also, but I think the 3 separate major versions 
of KRUD doing same thing at staggered intervals is a relay. 6129 is the 
local port during outgoing packets, not incoming. The destination port 
is tcp 220. I have been unable to find anything creating this as a local 
process but am working on it still.

D. Stimits, stimits AT comcast DOT net




More information about the LUG mailing list