Re: [ILUG-BOM] [sec] scanning signs

30 Dec 2001

      Sometime on Dec 29, kishor bhagwat assembled some asciibets to say:
...
this is a malicious attempt-not innocent at all!!
hint:same destination and source ports...
Only in the case of SPT, DPT 22, 111.  Others have seemingly random SPT
You've got connect attempts (SYN packets) on ports 21, 22, 25, 111
(ftp, ssh, smtp, portmapper/sunrpc).
My guess is that someone is looking to see if you (or anyone on the
network (broadcast address)) have these services running.  Can't tell if
they're just probing for running services, of if they're actually
looking for exploits.  All I know is that all of the above have known
vulnerabilities and exploits.
21 - wu-ftpd - buffer overflow gives root shell - fixed?
22 - openssh - buffer overflow gives root shell - fixed
25 - sendmail - loads of bugs - fixed
111 - portmapper - rpc, nfs - say no more
Philip
-- 
All Finagle Laws may be bypassed by learning the simple art of doing
without thinking.

Visit my webpage at http://www.ncst.ernet.in/~philip/
Read my writings at http://www.ncst.ernet.in/~philip/writings/

  MSN  philiptellis                         Yahoo!  philiptellis
  AIM  philiptellis                         ICQ     129711328

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

2002

2001

Re: [ILUG-BOM] [sec] scanning signs