These are just a few, and some are actually appz / services that just happen to run on those ports, and are exploitable. I'm *positive* there are more, do we have any more information? (Figured I've give you the Trojan List at least... ;) ) 1024 - NetSpy 1025 - Maverick's Matrix 1027/1029/1032/1033 - ICQ 1033 - Exploit Descent Manager Module 1042 - Rasmin 1045 - Rasmin 1080 - Socks / Wingate 1090 - Xtreme 1170 - Voice Streaming Audio 1207 - SoftWar 1234 - Ultris - Me "Fletcher Mattox" <fletcherat_private> on 10/17/2001 10:05:39 AM To: incidentsat_private cc: Subject: portscan on tcp ports 1024 to 1280 What application or exploit probes every tcp port between 1024 and 1280 (i.e. 256 different ports in random order). The source port is always 80 or 0. Every host on our network is being scanned in this manner from several different places. Some source ip addresses are: 65.203.157.138 65.203.157.29 66.150.15.150 209.15.44.204 Thanks Fletcher ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Wed Oct 17 2001 - 10:25:40 PDT