Re: TCP Port


Subject: Re: TCP Port
From: Adam Elkins (i-robot@gci.net)
Date: Fri Jan 31 2003 - 16:07:46 AKST


You're right... ports 12345 and 12346 are there, as well as 27374 (SubSeven).
Is there anything I can do about this? I think his ISP is
http://www.charter.com. (My guess from running traceroute.)

SmoothWall IDS snort log
Date: 31 January

Date: 01/31 07:36:11
Name: ICMP Destination Unreachable (Communication Administratively Prohibited)
Priority: 3
Type: Misc activity
IP Info: 192.168.0.3:64607 -> 24.247.194.57:6667
Refs:

Date: 01/31 07:36:19
Name: ICMP Destination Unreachable (Communication Administratively Prohibited)
Priority: 3
Type: Misc activity
IP Info: 192.168.0.3:64623 -> 24.247.194.57:119
Refs:

Date: 01/31 07:36:37
Name: ICMP Destination Unreachable (Communication Administratively Prohibited)
Priority: 3
Type: Misc activity
IP Info: 192.168.0.3:64734 -> 24.247.194.57:1080
Refs:

Date: 01/31 07:36:50
Name: ICMP Destination Unreachable (Communication Administratively Prohibited)
Priority: 3
Type: Misc activity
IP Info: 192.168.0.3:64933 -> 24.247.194.57:12345
Refs:

Date: 01/31 07:37:10
Name: ICMP Destination Unreachable (Communication Administratively Prohibited)
Priority: 3
Type: Misc activity
IP Info: 192.168.0.3:61464 -> 24.247.194.57:31337
Refs:

Date: 01/31 07:37:10
Name: ICMP Destination Unreachable (Communication Administratively Prohibited)
Priority: 3
Type: Misc activity
IP Info: 192.168.0.3:61465 -> 24.247.194.57:25
Refs:

Date: 01/31 07:37:12
Name: ICMP Destination Unreachable (Communication Administratively Prohibited)
Priority: 3
Type: Misc activity
IP Info: 192.168.0.3:61607 -> 24.247.194.57:80
Refs:

Date: 01/31 07:37:13
Name: ICMP Destination Unreachable (Communication Administratively Prohibited)
Priority: 3
Type: Misc activity
IP Info: 192.168.0.3:61741 -> 24.247.194.57:136
Refs:

Date: 01/31 07:37:15
Name: ICMP Destination Unreachable (Communication Administratively Prohibited)
Priority: 3
Type: Misc activity
IP Info: 192.168.0.3:61901 -> 24.247.194.57:21
Refs:

Date: 01/31 07:37:17
Name: ICMP Destination Unreachable (Communication Administratively Prohibited)
Priority: 3
Type: Misc activity
IP Info: 192.168.0.3:61968 -> 24.247.194.57:12346
Refs:

Date: 01/31 07:37:17
Name: ICMP Destination Unreachable (Communication Administratively Prohibited)
Priority: 3
Type: Misc activity
IP Info: 192.168.0.3:62048 -> 24.247.194.57:110
Refs:

Date: 01/31 07:37:19
Name: spp_stream4: NMAP FINGERPRINT (stateful) detection
Priority: n/a
Type: n/a
IP Info: 192.168.0.3:62081 -> 24.247.194.57:445
Refs:

Date: 01/31 07:37:28
Name: spp_stream4: NMAP FINGERPRINT (stateful) detection
Priority: n/a
Type: n/a
IP Info: 192.168.0.3:62081 -> 24.247.194.57:445
Refs:

Date: 01/31 07:37:36
Name: spp_stream4: NMAP FINGERPRINT (stateful) detection
Priority: n/a
Type: n/a
IP Info: 192.168.0.3:62081 -> 24.247.194.57:445
Refs:

Date: 01/31 08:07:03
Name: ICMP Destination Unreachable (Communication Administratively Prohibited)
Priority: 3
Type: Misc activity
IP Info: 192.168.0.3:62129 -> 24.247.194.57:27374
Refs:

Date: 01/31 13:47:51
Name: ICMP Destination Unreachable (Communication Administratively Prohibited)
Priority: 3
Type: Misc activity
IP Info: 192.168.0.3:63297 -> 24.247.194.57:110
Refs:

Date: 01/31 13:48:05
Name: ICMP Destination Unreachable (Communication Administratively Prohibited)
Priority: 3
Type: Misc activity
IP Info: 192.168.0.3:63304 -> 24.247.194.57:25
Refs:

Date: 01/31 13:48:38
Name: ICMP Destination Unreachable (Communication Administratively Prohibited)
Priority: 3
Type: Misc activity
IP Info: 192.168.0.3:63396 -> 24.247.194.57:1434
Refs:

Date: 01/31 13:49:06
Name: ICMP Destination Unreachable (Communication Administratively Prohibited)
Priority: 3
Type: Misc activity
IP Info: 192.168.0.3:63596 -> 24.247.194.57:1080
Refs:

Date: 01/31 13:49:13
Name: ICMP Destination Unreachable (Communication Administratively Prohibited)
Priority: 3
Type: Misc activity
IP Info: 192.168.0.3:63704 -> 24.247.194.57:80
Refs:

Date: 01/31 13:49:16
Name: ICMP Destination Unreachable (Communication Administratively Prohibited)
Priority: 3
Type: Misc activity
IP Info: 192.168.0.3:63754 -> 24.247.194.57:21
Refs:

Date: 01/31 13:49:24
Name: ICMP Destination Unreachable (Communication Administratively Prohi

On Friday 31 January 2003 02:51 pm, Arthur Corliss wrote:
> On Fri, 31 Jan 2003, Adam Elkins wrote:
> > This IP 24.247.194.57 is hitting my firewall MANY times.... What's odd is
> > the ports it's trying to connect to... like this one: 31337
> > Now, most of us know what 31337 means... anyone know of any trojans using
> > this port?
>
> Back Orifice is the most common backdoor that uses that port (using UDP,
> anyway). They're probably just scanning for hosts that have common
> backdoors installed. You'll probably see scans for 2140, 3150, 12345, and
> 12346 (UDP for the first two, TCP for the latter) as well.
>
> --Arthur Corliss
> Bolverk's Lair -- http://arthur.corlissfamily.org/
> Digital Mages -- http://www.digitalmages.com/
> "Live Free or Die, the Only Way to Live" -- NH State Motto
>
>
> ---------
> To unsubscribe, send email to <aklug-request@aklug.org>
> with 'unsubscribe' in the message body.
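
The scan pattern discussed in this thread can be pulled out of a log in the format above with a short script. This is an added example, not part of the original messages; the function names, the watchlist layout and the abridged sample records are assumptions made here.

```python
import ipaddress
import re
from collections import defaultdict

# Ports the thread names as backdoor-scan targets (tool name only where the thread gives one).
WATCHLIST = {31337: "Back Orifice", 27374: "SubSeven", 12345: "no name given",
             12346: "no name given", 2140: "no name given", 3150: "no name given"}
IP_INFO = re.compile(r"(\S+):(\d+) -> (\S+):(\d+)$")
# Sample input: abridged records in the format of the log above; the last one is cut off.
SAMPLE_LOG = """SmoothWall IDS snort log
Date: 31 January

Date: 01/31 07:36:50
Name: ICMP Destination Unreachable (Communication Administratively Prohibited)
IP Info: 192.168.0.3:64933 -> 24.247.194.57:12345

Date: 01/31 07:37:10
Name: ICMP Destination Unreachable (Communication Administratively Prohibited)
IP Info: 192.168.0.3:61464 -> 24.247.194.57:31337

Date: 01/31 07:37:10
Name: ICMP Destination Unreachable (Communication Administratively Prohibited)
IP Info: 192.168.0.3:61465 -> 24.247.194.57:25

Date: 01/31 08:07:03
Name: ICMP Destination Unreachable (Communication Administratively Prohibited)
IP Info: 192.168.0.3:62129 -> 24.247.194.57:27374

Date: 01/31 13:49:24
Name: ICMP Destination Unreachable (Communication Administratively Prohi"""

def parse_records(text):
    """Return one dict per blank-line-separated record that has a parsable 'IP Info'."""
    records = []
    for block in re.split(r"\n\s*\n", text.strip()):
        fields = dict(l.split(":", 1) for l in block.splitlines() if ":" in l)
        m = IP_INFO.match(fields.get("IP Info", "").strip())
        if m:  # the header block and truncated records have no endpoint pair; skip them
            records.append({"src": m[1], "dst": m[3], "dport": int(m[4])})
    return records

def summarize(records):
    """Group by the non-private endpoint: every port seen, and those on the watchlist."""
    ports = defaultdict(set)
    for r in records:
        ends = (r["src"], r["dst"])
        peer = next((e for e in ends if not ipaddress.ip_address(e).is_private), r["dst"])
        ports[peer].add(r["dport"])
    return {peer: {"ports": sorted(p), "watchlist": {x: WATCHLIST[x] for x in sorted(p) if x in WATCHLIST}}
            for peer, p in ports.items()}
```

Calling `summarize(parse_records(SAMPLE_LOG))` gives one entry per remote address, separating ordinary service ports from the backdoor ports named in the thread.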




This archive was generated by hypermail 2a23 : Fri Jan 31 2003 - 16:37:21 AKST