North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: Wierd portscans
And, BTW, it looks like the previous message was bounced due to the text attachment of the port numbers ASCII document. SBT. Justin ----- Original Message ----- From: "Justin Hinderliter" <[email protected]> To: "Justin Hinderliter" <[email protected]>; "Elric" <[email protected]>; "North America Network Operators Group Mailing List" <[email protected]> Sent: Wednesday, January 31, 2001 7:44 PM Subject: Re: Wierd portscans > As an added note, there's no match for those UDP ports on l0pht, phrack, > etc. either. > > Justin > > ----- Original Message ----- > From: "Justin Hinderliter" <[email protected]> > To: "Elric" <[email protected]>; "North America Network Operators Group > Mailing List" <[email protected]> > Sent: Wednesday, January 31, 2001 7:21 PM > Subject: Re: Wierd portscans > > > > Here's a list of services and their known port numbers. > > > > However, it appears that they're scanning for ports in the "reserved" or > > "unassigned" zones. It could be that they're scanning those ports just to > > see if you're allowing scans or blocking them/dropping them to a null > > route... before running a subsequent scan. Other than that, I'm not quite > > sure what they're looking for, to be truthful. > > > > One thought that comes to mind in regards to the high-numbered ports is > > whether they might think that that's a firewall running PAT/NAT, in which > > case, private IPs behind the firewall would end up showing up as > > high-numbered ports on the firewall. Is this on a gateway/firewall, and > if > > so, are you running NAT/PAT? > > > > Justin Hinderliter > > Network Analyst > > InterAccess Co. Data CLEC > > > > ----- Original Message ----- > > From: "Elric" <[email protected]> > > To: "North America Network Operators Group Mailing List" <[email protected]> > > Sent: Wednesday, January 31, 2001 5:12 PM > > Subject: Wierd portscans > > > > > > > > > > > > > I've been going though my scanlogs and in the past couple of days I have > > > seen someone trying to come in. Thier not getting in but im noticing > them > > > hitting a number of ports over and over. Primarily attempting udp port > 0, > > > but also 35072, 41612, and 63240. I've done searches on Google, > Dejanews, > > > Bugtraq etc but can't seem to find out what these ports are. Just > > > wondering if anyone had come across them ever.... > > > > > > > > > - Elric > > > > > > > > > > -------------------------------------------------------------------------- > > > Network Administrator Dierking Scott > Enterprises > > > > -------------------------------------------------------------------------- > > > > > > > > > > > >
|