Intrusion Detection Systems mailing list archives

Re: Scanning on tcp port 27374


From: Talisker () technologist com (Talisker)
Date: Thu, 27 Apr 2000 19:07:48 +0100


Archive: http://msgs.securepoint.com/ids
FAQ: http://www.ticm.com/kb/faq/idsfaq.html
IDS: http://www-rnks.informatik.tu-cottbus.de/~sobirey/ids.html
UNSUBSCRIBE: email "unsubscribe ids" to majordomo () uow edu au
John

27374 is the default port for SubSeven 2.1, I suspect it's either been
rewritten in German, or there is another similar German application using
the same port.  I have numerous SubSeven scans in the last few weeks all
resolving to Germany, Switzerland and Holland.
SubSeven itself is quite a nice tool, I suspect it will get more popular.
It's also worth noting that my AntiVirus tool (updated 18 Apr) didn't pick
it up as a trojan.
SubSeven info
http://advice.networkice.com/advice/Intrusions/2003105/?port=27374&name=Fho+7

Take Care

Andy

IDS Tools: www.internations.net/uk/talisker

The opinions contained within this transmission are entirely my own, and do
not necessarily reflect those of my employer.

----- Original Message -----
From: Benninghoff, John <JaBenninghoff () DainRauscher com>
To: <ids () uow edu au>
Sent: Wednesday, April 26, 2000 8:46 PM
Subject: IDS: Scanning on tcp port 27374


Hello all,

I've been lurking on IDS for several months now and I have a question for
the list...

I am currently working with Network ID using SHADOW, and I have seen several
sequential and semi-sequential scans on tcp port 27374. I have not been able
to figure out what exploit or service these scans are looking for, and I was
wondering if anyone knew what service runs on this port, or is it simply an
arbitrary port used by a scanning tool? Also, has anyone else come across
these types of scans?

Any info would be appreciated. Thanks.

-------------------------------------
John A Benninghoff
mailto:jabenninghoff () dainrauscher com
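
Added example, not part of either message above and not SHADOW's own code: a small detector that groups inbound SYN probes to TCP 27374 by source and labels each sweep by how the target addresses progress. The log lines are constructed tcpdump-style text using documentation address ranges, and the three pattern labels and the `min_targets` threshold are assumptions of this sketch.

```python
import ipaddress
import re
from collections import defaultdict

SUBSEVEN_PORT = 27374  # default SubSeven 2.1 port, as stated in the reply

# Constructed sample (classic tcpdump text form); not real traffic.
SAMPLE = """\
19:07:48.10 192.0.2.10.1045 > 198.51.100.1.27374: S 100:100(0) win 8192
19:07:48.20 192.0.2.10.1046 > 198.51.100.2.27374: S 101:101(0) win 8192
19:07:48.30 192.0.2.10.1047 > 198.51.100.3.27374: S 102:102(0) win 8192
19:07:49.10 203.0.113.7.2001 > 198.51.100.3.27374: S 200:200(0) win 8192
19:07:49.20 203.0.113.7.2002 > 198.51.100.9.27374: S 201:201(0) win 8192
19:07:49.30 203.0.113.7.2003 > 198.51.100.12.27374: S 202:202(0) win 8192
19:07:50.00 192.0.2.99.3000 > 198.51.100.5.80: S 300:300(0) win 8192
19:07:50.10 192.0.2.50.4000 > 198.51.100.5.27374: S 400:400(0) win 8192
"""

# timestamp, src-ip.src-port > dst-ip.dst-port: flags ...
LINE = re.compile(
    r"^\S+ (\d+\.\d+\.\d+\.\d+)\.\d+ > (\d+\.\d+\.\d+\.\d+)\.(\d+): (\S+) ")


def find_scans(log_text, port=SUBSEVEN_PORT, min_targets=3):
    """Return {source: (pattern, [targets in arrival order])} for SYN sweeps."""
    targets = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m or int(m.group(3)) != port:
            continue                      # unparsable line or another port
        if m.group(4) != "S" or " ack " in line:
            continue                      # keep bare SYNs, drop SYN-ACK replies
        dst = ipaddress.ip_address(m.group(2))
        if dst not in targets[m.group(1)]:
            targets[m.group(1)].append(dst)
    report = {}
    for src, dsts in targets.items():
        if len(dsts) < min_targets:
            continue                      # one or two probes is not a sweep
        steps = [int(b) - int(a) for a, b in zip(dsts, dsts[1:])]
        pattern = ("sequential" if all(s == 1 for s in steps)
                   else "semi-sequential" if all(s > 0 for s in steps)
                   else "scattered")
        report[src] = (pattern, [str(d) for d in dsts])
    return report


if __name__ == "__main__":
    for src, (pattern, dsts) in find_scans(SAMPLE).items():
        print(f"{src}: {pattern} sweep of tcp/{SUBSEVEN_PORT} -> {dsts}")
```
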




