Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Security Incidents: Re: port 119

Re: port 119

From: Robert Graham <bugtraq_at_NETWORKICE.COM>
Date: Mon, 3 Jan 2000 14:20:25 -0800

Port 119 is used by NNTP (USENET news:).

Since USENET is used for lots of illegal/fringe activities, people hunt for
servers that they can post anonymously through, or download content from.
Several websites maintain lists of open NNTP servers found through such
scanning.

BTW, common scans (like this one) are discussed in my "firewall seen" FAQ:
http://www.robertgraham.com/pubs/firewall-seen.html#port119

Regards,
Rob.

-----Original Message-----
From: Incidents Mailing List [mailto:INCIDENTS_at_securityfocus.com]On
Behalf Of Dariusz Zmokly
Sent: Monday, January 03, 2000 3:33 AM
To: INCIDENTS_at_securityfocus.com
Subject: port 119

hi !

I wonder what does it mean when someone wants to connect to my machine on
port 119. Is there any software that could do it or is it a scan ?

Jan 2 01:27:41 rh-master portsentry[444]: attackalert: SYN/Normal scan from
host: jammed.com/165.227.120.19 to TCP port: 119
Jan 3 09:22:52 rh-master portsentry[444]: attackalert: SYN/Normal scan from
host: twhou-220-35.ev1.net/207.218.220.35 to TCP port: 119

best regards :)
Dariusz Zmokly
Received on Jan 04 2000

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
edgeos