lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <EFEDB05BD6D3904BA5A595FB322BB4FF03EBB3@dnzakex1.datacom.co.nz>
From: StuartF at datacom.co.nz (Stuart Fox (DSL AK))
Subject: TCP Port 42 port scans?  What the heck over ...

There's an outstanding security issue with WINS on Windows servers - TCP
port 42 is the WINS port.

Cheers

Stu 

> -----Original Message-----
> From: full-disclosure-bounces@...ts.netsys.com 
> [mailto:full-disclosure-bounces@...ts.netsys.com] On Behalf 
> Of James Lay
> Sent: Tuesday, 14 December 2004 2:47 a.m.
> To: Full-Disclosure (E-mail)
> Subject: [Full-Disclosure] TCP Port 42 port scans? What the 
> heck over...
> 
> Here they be.  ODD.  Anyone else seeing this?
> 
> Dec 13 06:41:49 gateway kernel: Web netrecall drops:IN=br0 OUT=br0
> PHYSIN=eth1 PHYSOUT=eth0 SRC=131.252.116.141 DST=10.1.19.1 
> LEN=40 TOS=0x00 PREC=0x00 TTL=116 ID=57370 DF PROTO=TCP 
> SPT=6000 DPT=42 WINDOW=65535 RES=0x00 SYN URGP=0 Dec 13 
> 06:41:49 gateway kernel: Web1 drops:IN=br0 OUT=br0 
> PHYSIN=eth1 PHYSOUT=eth0 SRC=131.252.116.141 DST=10.1.18.1 
> LEN=40 TOS=0x00 PREC=0x00
> TTL=116 ID=57370 DF PROTO=TCP SPT=6000 DPT=42 WINDOW=65535 
> RES=0x00 SYN URGP=0 Dec 13 06:41:49 gateway kernel: Web 
> netrecall drops:IN=br0 OUT=br0
> PHYSIN=eth1 PHYSOUT=eth0 SRC=131.252.116.141 DST=10.1.19.4 
> LEN=40 TOS=0x00 PREC=0x00 TTL=116 ID=57370 DF PROTO=TCP 
> SPT=6000 DPT=42 WINDOW=65535 RES=0x00 SYN URGP=0 Dec 13 
> 06:41:49 workbox kernel: IN=eth0 OUT= 
> MAC=00:60:97:a5:76:36:00:10:7b:90:bc:30:08:00 
> SRC=131.252.116.141 DST=10.1.200.10 LEN=40 TOS=0x00 PREC=0x00 
> TTL=116 ID=57370 DF PROTO=TCP SPT=6000 DPT=42 WINDOW=65535 
> RES=0x00 SYN URGP=0 Dec 13 06:41:49 gateway kernel: Web 
> netrecall drops:IN=br0 OUT=br0
> PHYSIN=eth1 PHYSOUT=eth0 SRC=131.252.116.141 DST=10.1.19.7 
> LEN=40 TOS=0x00 PREC=0x00 TTL=116 ID=57370 DF PROTO=TCP 
> SPT=6000 DPT=42 WINDOW=65535 RES=0x00 SYN URGP=0 Dec 13 
> 06:41:49 gateway kernel: X12 drops:IN=br0 OUT=br0 PHYSIN=eth1 
> PHYSOUT=eth0 SRC=131.252.116.141 DST=10.1.20.14 LEN=40 
> TOS=0x00 PREC=0x00
> TTL=116 ID=57370 DF PROTO=TCP SPT=6000 DPT=42 WINDOW=65535 
> RES=0x00 SYN URGP=0 Dec 13 06:41:49 gateway kernel: Web 
> netrecall drops:IN=br0 OUT=br0
> PHYSIN=eth1 PHYSOUT=eth0 SRC=131.252.116.141 DST=10.1.19.2 
> LEN=40 TOS=0x00 PREC=0x00 TTL=116 ID=57370 DF PROTO=TCP 
> SPT=6000 DPT=42 WINDOW=65535 RES=0x00 SYN URGP=0 Dec 13 
> 06:41:49 gateway kernel: Htpedi drops:IN=br0 OUT=br0 
> PHYSIN=eth1 PHYSOUT=eth0 SRC=131.252.116.141 DST=10.1.20.17 
> LEN=40 TOS=0x00 PREC=0x00
> TTL=116 ID=57370 DF PROTO=TCP SPT=6000 DPT=42 WINDOW=65535 
> RES=0x00 SYN URGP=0 Dec 13 06:41:49 gateway kernel: Edirecall 
> drops:IN=br0 OUT=br0 PHYSIN=eth1 PHYSOUT=eth0 
> SRC=131.252.116.141 DST=10.1.20.12 LEN=40 TOS=0x00 PREC=0x00
> TTL=116 ID=57370 DF PROTO=TCP SPT=6000 DPT=42 WINDOW=65535 
> RES=0x00 SYN URGP=0 
> 
> 
> 
> James Lay
> Network Manager/Security Officer
> AmeriBen Solutions/IEC Group
> Deo Gloria!!!
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
> 

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ