|
[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]
27374 is the default port for the SubSeven trojan, not that the kids seem
to be running it on that port on campus here. I'm not sure about the 500
and 555 ports (although my memory is tickled), but you can find some info
on most of this stuff by going through the Snort signatures or at another
related site: www.whitehats.com
andrew.
>
> First column is connection attempt counts, last column is obvious reasons:
>
> 15 - 137/netbios-ns UDP - world readable/writeable windows fileshares
> 15 - 21/ftp TCP - anonymous ftp
> 12 - 111/sunrpc TCP - rpc holes / readable/writeable nfs exports
> 8 - 23/telnet TCP - unpassworded telnet
> 7 - 500/isakmp UDP - no idea.. ?
> 6 - 53/domain TCP - recent bad dns root exploit
> 2 - 1080/socks TCP - open proxy
> 1 - 555/dsf TCP - no idea
> 1 - 53/domain UDP - recent bad dns root exploit
> 1 - 27374/ TCP - no idea
>
>
______________________________________________________________________
Philadelphia Linux Users Group - http://www.phillylinux.org
Announcements-http://lists.phillylinux.org/mail/listinfo/plug-announce
General Discussion - http://lists.phillylinux.org/mail/listinfo/plug
|
|