lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date: Mon, 14 Feb 2005 17:34:34 -0500
From: "Lawrence Baldwin" <baldwinL@...etwatchman.com>
To: <incidents@...urityfocus.com>, <bugtraq@...urityfocus.com>
Subject: RE: Exploit on tcp/4128?


Jim,

This host is not on my network...*I* issued the netcat to manually
interrogate the IP (outside my network) that was detected by the mNW system
as blowing out boatloads of tcp/4128...based on the target IP showing in the
mNW incident,it has scanned a couple of Class As already.


Lawrence.

> -----Original Message-----
> From: Butterworth, Jim [mailto:jim.butterworth@...dancesoftware.com]
> Sent: Monday, February 14, 2005 17:23
> To: baldwinL@...etwatchman.com; incidents@...urityfocus.com;
> bugtraq@...urityfocus.com
> Subject: RE: Exploit on tcp/4128?
>
>
> Looks like a probe from Netcat, passing the IP required by the -n
> switch, and -v, echo back as  much information as you can about
> the connection attempt)  The question would be, what on your
> network, that you know of, is responsive to that port? Are any of
> the probed machines running processes you don't recognize?  Most
> likely looking for a backdoor that is assumed there by the
> command switch invoked.  This response looks like a neg response.
>
> r/Jim Butterworth
>
> -----Original Message-----
> From: Lawrence Baldwin [mailto:baldwinL@...etwatchman.com]
> Sent: Monday, February 14, 2005 2:00 PM
> To: incidents@...urityfocus.com; bugtraq@...urityfocus.com
> Subject: Exploit on tcp/4128?
>
> Anyone know what this is:
>
> D:\nc>nc -n -v 64.132.205.69 4128
> (UNKNOWN) [64.132.205.69] 4128 (?) open
>
> 'ÖP?    ?      Version?   1.3?   Error?   ?   ?   Msg?   Invalid Packet
> 'ÖP?    ?      Version?   1.3?   Error?   ?   ?   Msg?   Invalid Packet
> 'ÖP?    ?      Version?   1.3?   Error?   ?   ?   Msg?   Invalid Packet
> 'ÖP?    ?      Version?   1.3?   Error?   ?   ?   Msg?   Invalid Packet
>
> 'ÖP?    ?      Version?   1.3?   Error?   ?   ?   Msg?   Invalid Packet
> 'ÖP?
>    ?      Version?   1.3?   Error?   ?   ?   Msg?   Invalid Packet    ^C
>
>
> The same host above is scanning the *world* for this port:
>
> http://www.mynetwatchman.com/LID.asp?IID=146159119
>
> Regards,
>
> Lawrence Baldwin
> myNetWatchman.com
>
> Note: The information contained in this message may be privileged and
> confidential and thus protected from disclosure. If the reader of this
> message is not the intended recipient, or an employee or agent
> responsible
> for delivering this message to the intended recipient, you are hereby
> notified that any dissemination, distribution or copying of this
> communication is strictly prohibited.  If you have received this
> communication in error, please notify us immediately by replying to the
> message and deleting it from your computer.  Thank you.
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ