Re: [SLUG] Something very odd

Thu, 10 Aug 2000 21:58:12 -0700 

Port 2064 is the port used by distributed net's rc5-64 key cracking effort.
That's the port used to connect to it's keysevers to retrieve keys to be
cracked..

More info: www.distributed.net

HTH

Dan.

----- Original Message -----
From: "Howard Lowndes" <[EMAIL PROTECTED]>
To: "Mail List - SLUG" <[EMAIL PROTECTED]>
Sent: Friday, August 11, 2000 2:57 PM
Subject: [SLUG] Something very odd


> I have had 2 DDoS attacks in the past 2 days to one of my machines, but I
> have just noticed something very odd in my traffic flow.
>
> One of my other machines, not the one that was the target of the DDoS,
> initiated a TCP session to 206.109.64.186 port 2064.  Now as far as I am
> aware I haven't done anything to cause this machine, its my desktop w/s,
> to inititate this session so I ran an nmap scan and came up with this:
>
> # nmap -sS -O -F 206.109.64.186
>
> Starting nmap V. 2.30BETA17 by [EMAIL PROTECTED] (
> www.insecure.org/nmap/ )
> RTTVAR has grown to over 2.3 seconds, decreasing to 2.0
> RTTVAR has grown to over 2.3 seconds, decreasing to 2.0
> WARNING: OS didn't match until the 2 try
> Interesting ports on Your.Unreality.com (206.109.64.186):
> Port       State       Service
> 21/tcp     open        ftp
> 22/tcp     open        ssh
> 25/tcp     open        smtp
> 80/tcp     open        http
> 110/tcp    open        pop-3
> 111/tcp    open        sunrpc
> 113/tcp    open        auth
> 143/tcp    open        imap2
> 2064/tcp   open        distrib-netassholes
> 3306/tcp   open        mysql
> 6005/tcp   filtered    X11:5
> 6666/tcp   open        irc-serv
> 8080/tcp   open        http-proxy
>
> Remote operating system guess: FreeBSD 2.2.1 - 3.2
>
> Nmap run completed -- 1 IP address (1 host up) scanned in 818 seconds
>
> Can ayone tell me what service distrib-netassholes is?  It telnets but
> doesn't give anything out to indicate what it is.
> --
> Howard.
> ______________________________________________________
> LANNet Computing Associates <http://www.lannet.com.au>
>
>
>
> --
> SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
> More Info: http://slug.org.au/lists/listinfo/slug
>



--
SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
More Info: http://slug.org.au/lists/listinfo/slug

Reply via email to