Re: NTP scan ????

From: Russell Fulton (R.FULTONat_private)
Date: Wed Feb 27 2002 - 12:16:55 PST

Next message: Richard Gilman: "More info about New PHP Exploit"

Previous message: Mark Seiden: "Re: New Attack / New Vulnerability?"
In reply to: Will Aoki: "Re: NTP scan ????"
Next in thread: Paul Gear: "Re: NTP scan ????"
Reply: Paul Gear: "Re: NTP scan ????"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, 2002-02-27 at 14:52, Will Aoki wrote:
> On Wed, Feb 27, 2002 at 10:43:19AM +1300, Russell Fulton wrote:

> (213.237.6.5) at 22:13 GMT-7 on the 20th, but I figured that it must
> be something other than NTP, since AFAIK NTP only runs over UDP.

Possibly but tcp-123 is reserved for NTP...  Another thought that
occurred to me was that it was a typo and they meant to scan for
1234 or 12345, both popular trojan ports, This seems unlikely since
it would appear that this wasn't a single scan.

-- 
Russell Fulton, Computer and Network Security Officer
The University of Auckland,  New Zealand


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Next message: Richard Gilman: "More info about New PHP Exploit"
Previous message: Mark Seiden: "Re: New Attack / New Vulnerability?"
In reply to: Will Aoki: "Re: NTP scan ????"
Next in thread: Paul Gear: "Re: NTP scan ????"
Reply: Paul Gear: "Re: NTP scan ????"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Wed Feb 27 2002 - 16:40:41 PST