Re: portscan on tcp ports 1024 to 1280

From: Joshua_Hillerat_private
Date: Wed Oct 17 2001 - 10:15:20 PDT

  • Next message: Alan Wright: "RE: Scans from Moscow"

    These are just a few, and some are actually appz / services that just
    happen to run on those ports, and are exploitable.
    
    I'm *positive* there are more, do we have any more information?    (Figured
    I've give you the Trojan List at least... ;) )
    
    
    
    1024 - NetSpy
    1025 - Maverick's Matrix
    1027/1029/1032/1033 - ICQ
    1033 - Exploit Descent Manager Module
    1042 - Rasmin
    1045 - Rasmin
    1080 - Socks / Wingate
    1090 - Xtreme
    1170 - Voice Streaming Audio
    1207 - SoftWar
    1234 - Ultris
    
    
    - Me
    
    
    
    
    
    "Fletcher Mattox" <fletcherat_private> on 10/17/2001 10:05:39 AM
    
    To:   incidentsat_private
    cc:
    
    Subject:  portscan on tcp ports 1024 to 1280
    
    
    What application or exploit probes every tcp port between 1024 and 1280
    (i.e. 256 different ports in random order).  The source port is always
    80 or 0.  Every host on our network is being scanned in this manner from
    several different places.  Some source ip addresses are:
    
    65.203.157.138
    65.203.157.29
    66.150.15.150
    209.15.44.204
    
    Thanks
    Fletcher
    
    ----------------------------------------------------------------------------
    
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management
    and tracking system please see: http://aris.securityfocus.com
    
    
    
    
    
    
    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see: http://aris.securityfocus.com
    



    This archive was generated by hypermail 2b30 : Wed Oct 17 2001 - 10:25:40 PDT