Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Security Incidents: Re: port 9704 scans

Re: port 9704 scans

From: Chris 'Chipper' Chiapusio <chipper_at_LLAMAS.NET>
Date: Fri, 8 Sep 2000 16:14:58 -0400

there is a wu-ftpd exploit that puts a shell on 9704 in inetd.conf. I
suspect someone is scanning for already comprimised machines to piggyback
on.

Chipper

On Fri, 8 Sep 2000, Vitaly Osipov wrote:

>Hi all,
>
>I am just curious, what was that guy scanning for - i have packets like one
>below directed to all hosts in my net...
>
>09/08-10:55:57.081848 0:90:F2:55:F0:0 -> 0:60:8:CE:FC:C1 type:0x800 len:0x3C
>24.141.204.108:9704 -> xxx.xx.xx.xx:9704 TCP TTL:23 TOS:0x0 ID:39426
>**SF**** Seq: 0x1FFE9308 Ack: 0x62D853AD Win: 0x404
>
>
>they are syn-fin packets with source and destination ports 9704. I have not
>found any references to any trojans using this port.
>
>regards,
>Vitaly.
>

------
                    Please encrypt anything important.
PGP Key: http://wwwkeys.pgp.net:11371/pks/lookup?op=get&search=0x6CFA486D
Received on Sep 08 2000

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
edgeos