TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to
[EMAIL PROTECTED] Contact [EMAIL PROTECTED] for help with any problems!
----------------------------------------------------------------------------
You got me all wrong, my apologies if i have offended you personally or
professionally.
The thing is i get about 30 mails per week asking, "what does port XXX do ?
i think it's a new Trojan", (most of the times by script kiddies),most
people just don't search, you did not say you had searched the archives or
web resources so i interpreted that you had not searched them.
At 12:38 14-11-2000 -0500, you wrote:
>_I_ care about what these ports are used, because it's part of my job to
>know what tools are being used to scan/probe my networks. I also take the
>scanning seriously because I use this activity to judge the threat of the
>originating ISP's, .edu's, etc. and often permanently block their packets
You block specific ISP packets i find that hard to believe, because of
dynamic IP address allocation, you block hacker1 that has the following
address 200.122.89.122 one time and you block costumer1 that happens to
use the same ISP the other time (hum), or do you e-mail the ISP and ask
them to investigate?
> at my perimeter. It's an indication that they either don't have or don't
> enforce an Acceptable Use Policy. The day I feel fat, dumb and happy
> behind my big bad firewall is the day I need to give up my job to someone
> more proactive
Well, if your firewall is perfectly configured and you are sure no new
trojan client/server software has been installed, you can worry about more
important things than open ports, since you probably have a stealth
configuration on your firewall your firewall won't respond to trojan
commands, unless you let it ;), by configuring at application level.
>Just so you're aware, I checked several of my usual www resources, I
>checked the archives and I made liberal use of several search engines, but
>was still unable to turn up information on the ports I listed. Then, and
>only then, did I turn to this list, the community of my peers, for
>assistance and education.
I'm glad you did but you did not mention that on your previous e-mail.
>I take slight offense at being told to "look harder." If you don't have
>an answer or don't care to answer... don't answer. Please don't do the
>moderator's job. If my question was completely off topic or a complete
>waste of time, it would have been filtered.
I did not intend to offend you, and i did provide several answers, i have
no intentions of becoming moderator of this list ;), but questions like
this one have been answered in the passed.
>On a more positive note, I do appreciate the resource you forwarded...
>Thank you. I'll check out tauscan and see what I can learn from it.
Your quite welcomed, and if you need more resources, it will be my pleasure
to give them to you, i also would like to add the following information:
contact:
Jon Rosarky ([EMAIL PROTECTED]) about port #5665
# 10289-10999 Unassigned this could be a trojan or some other innocent
application
Todd Barker ([EMAIL PROTECTED]) about port #11270
...they might take i wile to respond.
>Kind Regards
>NetBoss
P.S: there are more important issues than port scanning to network security
(as you surely know), that's why these what does it do questions make me a
little to aggressive, please don't take this aggressively as if i directed
to you personally, once again if i offended you, which i think i did not (i
merely told you to search for the answer more deeply, most of the time i
get a dozen script kiddies asking questions like this one and they even
have the nerve to ask for source code, and link's, i did not notice it was
a question posed at the ISSforum mailing list, i took you for a script kid,
sorry).
