Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Incidents
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Exploit on tcp/4128?

from [H Carvey] Network Security [Permanent Link]
Subject: Re: Exploit on tcp/4128?
Date: 15 Feb 2005 11:06:11 -0000 
In-Reply-To: <FJEGKKBKOEFBAAINEADJKEJKEKAA.baldwinL@mynetwatchman.com>

Lawrence,

Just out of curiosity, if this host is "scanning the world" for this port, why 
are you scanning it?  Usually, when a host scans, it issues queries to the 
destination port (in this case, 4128). 

I think when folks have referred to using netcat in cases such as this in the 
past, what they've referred to is using netcat in listening mode to capture 
packets, so that when you ask what the scan is looking for, one has actual data 
to look at.  Over on incidents.org, the analysts are always asking for packet 
data when someone reports an increase in activity on any particular port.  
Doing this would probably be of greater benefit than firing netcat (I would've 
used nmap, as you would have some data regarding packets sent to the port and 
responses) at it.

H. Carvey
"Windows Forensics and Incident Recovery"
http://www.windows-ir.com
http://windowsir.blogspot.com



Anyone know what this is:

D:\nc>nc -n -v 64.132.205.69 4128
(UNKNOWN) [64.132.205.69] 4128 (?) open

'ÖP?    ?      Version?   1.3?   Error?   ?   ?   Msg?   Invalid Packet
'ÖP?    ?      Version?   1.3?   Error?   ?   ?   Msg?   Invalid Packet
'ÖP?    ?      Version?   1.3?   Error?   ?   ?   Msg?   Invalid Packet
'ÖP?    ?      Version?   1.3?   Error?   ?   ?   Msg?   Invalid Packet

'ÖP?    ?      Version?   1.3?   Error?   ?   ?   Msg?   Invalid Packet
'ÖP?
  ?      Version?   1.3?   Error?   ?   ?   Msg?   Invalid Packet    ^C


The same host above is scanning the *world* for this port:

http://www.mynetwatchman.com/LID.asp?IID=146159119

Regards,

Lawrence Baldwin
myNetWatchman.com
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Exploit on tcp/4128?, Doug Rutherford
Next by Date:  Re: eBay Account Phishing with eBay Redirect, Nick FitzGerald
Previous by Thread:  RE: Exploit on tcp/4128?, Lawrence Baldwin
Next by Thread:  RE: Exploit on tcp/4128?, Mueller, Lance
Indexes:  [Date] [Thread] [Top] [All Lists]