Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Security Incidents mailing list archives

Strange port 23 traffic
From: Costas Karafasoulis <karafas () MAIL ARIADNE-T GR>
Date: Sun, 18 Mar 2001 22:49:37 +0200
There is some strange traffic in my network, that I can really
figure out what its is. It consists of a large number of connections
of the form:


xxx.xxx.xxx.xxx.1079-yyy.yyy.yyy.yyy.23
POST
http://xxx.xxx.xxx.xxx:23/Ready?PVersion=1.0&CVersion=4000000&TVersion=1.0&S
ession=441272 HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Content-Length: 38
Cache-Control: no-cache
Pragma: no-cache
Date: Thu, 15 Feb 2001 00:20:56 GMT
Host: xxx.xxx.xxx.xxx

transaction=
DAAAAAgAAAASAAAAAAAAAA==
----------------------------------------------------------------------------
--------

yyy.yyy.yyy.yyy.23-xxx.xxx.xxx.xxx.1079

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Connection: close
Date: Thu, 15 Feb 2001 00:19:15 GMT
Content-Type: text/html
Content-Length: 660
Expires: Thu, 15 Feb 2001 00:19:15 GMT

<html><title>Conducent Response</title><body><P>
OjU5AGh0dHA6Ly9yZWRVjZW50LmNvbS9TY3JpcHRzL1JlZG
yLmRsbD9SyMDAxLTA2LTMwIDIzOjU5OjU5ADIzOjU5
</P></body></html>


any ideas waht it could be ???

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]