North American Network Operators Group

Re: Wierd portscans

  • From: Justin Hinderliter
  • Date: Wed Jan 31 20:38:39 2001

As an added note, there's no match for those UDP ports on l0pht, phrack,
etc. either.

Justin

----- Original Message -----
From: "Justin Hinderliter" <[email protected]>
To: "Elric" <[email protected]>; "North America Network Operators Group
Mailing List" <[email protected]>
Sent: Wednesday, January 31, 2001 7:21 PM
Subject: Re: Wierd portscans


> Here's a list of services and their known port numbers.
>
> However, it appears that they're scanning for ports in the "reserved" or
> "unassigned" zones.  It could be that they're scanning those ports just to
> see if you're allowing scans or blocking them/dropping them to a null
> route... before running a subsequent scan.  Other than that, I'm not quite
> sure what they're looking for, to be truthful.
>
> One thought that comes to mind in regards to the high-numbered ports is
> whether they might think that that's a firewall running PAT/NAT, in which
> case, private IPs behind the firewall would end up showing up as
> high-numbered ports on the firewall.  Is this on a gateway/firewall, and if
> so, are you running NAT/PAT?
>
> Justin Hinderliter
> Network Analyst
> InterAccess Co. Data CLEC
>
> ----- Original Message -----
> From: "Elric" <[email protected]>
> To: "North America Network Operators Group Mailing List" <[email protected]>
> Sent: Wednesday, January 31, 2001 5:12 PM
> Subject: Wierd portscans
>
>
> >
> >
> > I've been going through my scanlogs and in the past couple of days I have
> > seen someone trying to come in.  They're not getting in but I'm noticing them
> > hitting a number of ports over and over. Primarily attempting UDP port 0,
> > but also 35072, 41612, and 63240. I've done searches on Google, Dejanews,
> > Bugtraq etc but can't seem to find out what these ports are.  Just
> > wondering if anyone had come across them ever....
> >
> >
> >  - Elric
> >
> >
> > --------------------------------------------------------------------------
> >  Network Administrator                          Dierking Scott Enterprises
> > --------------------------------------------------------------------------
> >
>