|
Security Incidents
mailing list archives
Port 109 scanning
From: "A.L.Lambert" <alambert () EPICREALM COM>
Date: Mon, 6 Nov 2000 07:25:47 -0600
I'm curious if anyone else has been getting port 109 SYN/FIN
scan's lately? (src 109 -> dst 109). I've gotten them from two separate
sources, several days apart (looks like a sequential scan of multiple
class A networks), and I thought it was a bit odd, since last time I
heard, POP2 was a virtually abandoned protocol (at least I've never seen
it in use, and I've been mucking around on the net for a long time now),
and in this day and age, a SYN/FIN scan is almost certain to set off
IDS's.
Normally a targeted scan looking for something that won't hurt my
network wouldn't do much more than wake me up enough to e-mail the admin's
of the offending network, but this one has my curiosity aroused, since on
the surface, it looks both noisy, and pointless (or are there vulnerable
pop2 servers all over the net that I'm unaware of?).
The source of the scan's were 204.31.162.252, and 209.84.237.75,
and the targets were in the 200.x.x.x and 213.x.x.x netblock's.
Anyway, anyone with comments/thoughts, I'd be interested. Thanks
in advance.
--A.L.Lambert
 By Date 
By Thread
Current thread:
- Port 109 scanning A.L.Lambert (Nov 07)
|
Intro
