Hi Karl, Do you mean that it is Protocol 91 (LARP) or TCP/UDP Port 91 (MIT Dover Spooler).
Not that it will make much difference to my answer except that I would presume that Protocol 91 would not be routable so would be internal, whereas port 91 could have come from outside. The only minor things I have found relate to http (port 80) and port 91 in conjunction with a Trojan attack, but there is no more information, just that the person who detected the ports used was confused as to why Port 91 appeared at all in the IDS reports. Can you tell I was bored tonight, any excuse for a sidetrack. Not much help for you but may spur someone on to tell us about Port 91. Gareth ""hal9001"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > I realise that this is a bit off topic but it may be of interest as well and > its driving me nuts. I'm dealing with what appears to be a security breach > at the moment and from what I can accretion it deals with LARP on port 91 > and FTP on Port 21. I really don't know where to start with this can anyone > give me some idea or pointers as to what possible connection there can be > between the pair. > > As far as I can make out someone has FTP'ed out of the network or even > within it to an unknown address (I can't establish whether it was in or > outside as I have only a partial log entry) and used Port 91....LARP for > some purpose. Coincidentally three terminals on the same subnet (Windows 98 > with MS Proxy 2 Client) have then been disabled from seeing the Proxy Server > subsequently and only the Proxy Server, all other services were OK. This > has been at great inconvenience to a finance office which was then "fixed" > by somebody in two minutes flat by a person removed the Proxy Client > Software i.e. he/she knew exactly where to go, if you see what I mean. This > was after two weeks scratching around for answers....things could not be > disturbed too much. > > Can anyone shed any light on this at all, I cannot find any good explanation > of LARP apart from a passing reference to MAC addresses. As you can imagine > its caused a few questions that I for one would like answering. > > Thanks > > Karl > > IMPORTANT NOTICE: > This message is intended solely for the use of the Individual or > organisation to whom it is addressed. It may contain privileged or > confidential information. If you have received this message in error, > please notify the originator immediately. > > If you are not the intended recipient, you should not use, copy, alter, or > disclose the contents of this message. All information or opinions > expressed in this message and/or any attachments are those of the author and > are not necessarily those of Karl or Pauline HUTCHINSON. > Karl & Pauline HUTCHINSON accepts no responsibility > for loss or damage arising from its use, including damage from virus. > > > > > IMPORTANT NOTICE: > This message is intended solely for the use of the Individual or > organisation to whom it is addressed. It may contain privileged or > confidential information. If you have received this message in error, > please notify the originator immediately. > > If you are not the intended recipient, you should not use, copy, alter, or > disclose the contents of this message. All information or opinions > expressed in this message and/or any attachments are those of the author and > are not necessarily those of Karl or Pauline HUTCHINSON. > Karl & Pauline HUTCHINSON accepts no responsibility > for loss or damage arising from its use, including damage from virus. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=24719&t=24693 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
