Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Security Incidents: Re: port 119

Re: port 119

From: R a v e N <barakirs_at_NETVISION.NET.IL>
Date: Wed, 5 Jan 2000 10:52:38 +0200

Port 119 is NNTP - Network News Transfer Protocol (for newsgroups. It
works with TCP and UDP).
Do you have an NNTP server on this host? 'Cause it could be someone
exploiting it.
It could also be someone trying to connect to a news server on your host
(thinking that there is one there) which simply does not exist, or it
could be some sort of an attack. 

--
If a packet hits a pocket on a socket on a port
And the bus is interrupted as a very last resort
And the address of the memory makes the data link abort
Then the socket packet pocket has an error to report.
http://blacksun.box.sk
Dariusz Zmokly wrote:
> hi !
>
> I wonder what does it mean when someone wants to connect to my machine on
> port 119. Is there any software that could do it or is it a scan ?
>
> Jan  2 01:27:41 rh-master portsentry[444]: attackalert: SYN/Normal scan from host: jammed.com/165.227.120.19 to TCP port: 119
> Jan  3 09:22:52 rh-master portsentry[444]: attackalert: SYN/Normal scan from host: twhou-220-35.ev1.net/207.218.220.35 to TCP port: 119
>
> best regards :)
> Dariusz Zmokly
Received on Jan 04 2000
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
edgeos