North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: Wierd portscans
As an added note, there's no match for those UDP ports on l0pht, phrack, etc. either. Justin ----- Original Message ----- From: "Justin Hinderliter" <[email protected]> To: "Elric" <[email protected]>; "North America Network Operators Group Mailing List" <[email protected]> Sent: Wednesday, January 31, 2001 7:21 PM Subject: Re: Wierd portscans > Here's a list of services and their known port numbers. > > However, it appears that they're scanning for ports in the "reserved" or > "unassigned" zones. It could be that they're scanning those ports just to > see if you're allowing scans or blocking them/dropping them to a null > route... before running a subsequent scan. Other than that, I'm not quite > sure what they're looking for, to be truthful. > > One thought that comes to mind in regards to the high-numbered ports is > whether they might think that that's a firewall running PAT/NAT, in which > case, private IPs behind the firewall would end up showing up as > high-numbered ports on the firewall. Is this on a gateway/firewall, and if > so, are you running NAT/PAT? > > Justin Hinderliter > Network Analyst > InterAccess Co. Data CLEC > > ----- Original Message ----- > From: "Elric" <[email protected]> > To: "North America Network Operators Group Mailing List" <[email protected]> > Sent: Wednesday, January 31, 2001 5:12 PM > Subject: Wierd portscans > > > > > > > > I've been going though my scanlogs and in the past couple of days I have > > seen someone trying to come in. Thier not getting in but im noticing them > > hitting a number of ports over and over. Primarily attempting udp port 0, > > but also 35072, 41612, and 63240. I've done searches on Google, Dejanews, > > Bugtraq etc but can't seem to find out what these ports are. Just > > wondering if anyone had come across them ever.... > > > > > > - Elric > > > > > > -------------------------------------------------------------------------- > > Network Administrator Dierking Scott Enterprises > > -------------------------------------------------------------------------- > > > > > > >
|