Looks like a probe from Netcat, passing the IP required by the -n switch, and
-v, echo back as much information as you can about the connection attempt)
The question would be, what on your network, that you know of, is responsive to
that port? Are any of the probed machines running processes you don't
recognize? Most likely looking for a backdoor that is assumed there by the
command switch invoked. This response looks like a neg response.
r/Jim Butterworth
-----Original Message-----
From: Lawrence Baldwin [mailto:baldwinL@mynetwatchman.com]
Sent: Monday, February 14, 2005 2:00 PM
To: incidents@securityfocus.com; bugtraq@securityfocus.com
Subject: Exploit on tcp/4128?
Anyone know what this is:
D:\nc>nc -n -v 64.132.205.69 4128
(UNKNOWN) [64.132.205.69] 4128 (?) open
'ÖP? ? Version? 1.3? Error? ? ? Msg? Invalid Packet
'ÖP? ? Version? 1.3? Error? ? ? Msg? Invalid Packet
'ÖP? ? Version? 1.3? Error? ? ? Msg? Invalid Packet
'ÖP? ? Version? 1.3? Error? ? ? Msg? Invalid Packet
'ÖP? ? Version? 1.3? Error? ? ? Msg? Invalid Packet
'ÖP?
? Version? 1.3? Error? ? ? Msg? Invalid Packet ^C
The same host above is scanning the *world* for this port:
http://www.mynetwatchman.com/LID.asp?IID=146159119
Regards,
Lawrence Baldwin
myNetWatchman.com
Note: The information contained in this message may be privileged and
confidential and thus protected from disclosure. If the reader of this
message is not the intended recipient, or an employee or agent responsible
for delivering this message to the intended recipient, you are hereby
notified that any dissemination, distribution or copying of this
communication is strictly prohibited. If you have received this
communication in error, please notify us immediately by replying to the
message and deleting it from your computer. Thank you.
