Re: Re : Large scale scan of port 2401

[axess <axess () alldas de>]

On Fri, 24 Aug 2001, Sevo Stille wrote:


Mr. Sevo

> From my experience.watchin defaced AIX systems all day long and
see what port they have open i draw this conclustion.
This has not been added to public notice or i would not have went into
this discussion at all. There is no flaw in it.
Just a way to determite an operating system.
We are  talking about script kiddies that want * to deface.
I also refer to our database. 99% of all defaced AIX has this port open.
Since this has been a long discussion about this i want to point out
once again. No flaw / determite OS and after that exploit the AIX.

> axess wrote:
>
> > 2401/tcp  cvspserver
> >
> > This port is used by AIX
>
>
> I'd be surprised if it were - it would make anon-cvs rather awkward to
> run on AIX, and that probably would have made it into public knowledge.
> This is the default port for CVS servers, anon included. And the number
> of the latter alone will probably outnumber the count of open AIX
> systems on the net by a magnitude or more...
>
> I'd expect 2401 scans to look for CVS rather than AIX. Have any new CVS
> exploits cropped up? Of course, people might just be looking for open
> accounts or public access to private archives...
>
> Sevo

-- 
Mikael Olsson
axess - axess () alldas de
system administrator

IT-Security Information Network
http://www.alldas.de


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com