[plug] One off FTP and Telnet attempts ?
Steve Grasso
steveg at calm.wa.gov.au
Thu Nov 30 17:18:20 WST 2000
On Thu, 30 Nov 2000, Peter F Bradshaw wrote:
> On Tue, 28 Nov 2000, Christian wrote:
>
> > Yes, this is very common. In fact, you'd probably see plenty of DNS
> > and IMAP probes too if you had some way of detecting them. People are
> > continually scanning blocks of IP's looking for open ports that might be
> > the entry point to a system.
>
> The one that I do not understand is port taps on port 27374. According to
> /etc/services this port is the:
> "asp 27374/tcp # Address Search Protocol"
>
> whatever that is. I don't now which software listens on that port. However,
> it is a very popular port to tap and has been for some time. It must be a
> script that gets a lot of success.
According to http://www.glocksoft.com/trojan_port.htm 27374 is a SubSeven
Windows trojan port, which would explain its popularity.
>
> There are a number of taps on ports 137 and 139 which are used by the Windows
> Netbios system. People who are running Samba should beware!
I imagine most people block requests to these ports from the external
interface as a matter of course. I know I do.
Steve
More information about the plug
mailing list