[ale] watching traffic

rhiannen rhiannen at atlantacon.org
Tue Apr 16 08:43:22 EDT 2002


Not arguing the (lack of) connection tracking, but in answer to the
original question (and because i'm home feeling lousy & a tad contrary,)
here's a few links from my bookmarks:

Ports used by trojans (shortish, yawn)
http://www.simovits.com/sve/nyhetsarkiv/1999/nyheter9902.html

What port numbers do well-known trojan horses use? (well, sans...)
http://www.sans.org/newlook/resources/IDFAQ/oddports.htm

listed & trojan ports (LONG, in numeric order, the one i usually turn to
first)
http://www.neohapsis.com/neolabs/neo-ports/
(http://www.neohapsis.com/neolabs/neo-ports/neo-ports.html)

&, while it doesn't list the nasties (trojans/exploits), it's still
rather handy anyways: the IANA "who's been using this port?" list of
Well Known (0-1023) & Registered Ports (1024-49151) 
http://www.iana.org/assignments/port-numbers


-- 
rhia
knowledge is power - arm yourself



Jim Popovitch wrote:
> 
> Hi Cade,
> 
> A lot of those incoming connections that you are seeing are actually return
> connections that you (or other applications) requested.  The linksys, at
> least the one that I have, doesn't do connection tracking.  That is it
> doesn't match new incoming connections with any possible previous outbound
> connections.
> 
> -Jim P.
> 
> > -----Original Message-----
> > From: Cade Thacker [mailto:linux at cade.org]
> > Sent: Monday, April 15, 2002 10:18 PM
> > To: ale at ale.org
> > Subject: [ale] watching traffic
> >
> >
> > Evening,
> > I just installed the LogView software that come with my Linksys router. It
> > is kinda neat seeing who is coming from where. But my question is that I
> > am seeing some strange incoming attempts (suprise, suprise), but the port
> > numbers do not seem familar. Does anyone know a good page that tells what
> > ports crackers are know to use or look for?
> >
> > These have shown up just in the last 20 minutes.
> >
> > the nslookups are out to the right.
> >
> > 209.73.225.68  :7104
> > 216.249.24.120 :1720
> > 64.236.16.136  :4008  (i3.cnn.net)
> > 65.197.236.51  :1245
> > 152.163.226.70 :1950 (wads-r06b.blue.aol.com)
> > 209.249.123.231:1249 (a209-249-123-231.deploy.akamaitechnologies.com)
> >
> > Thanks!!
> >
> >
> > --cade
> >
> > On Linux vs Windows
> > ==================
> > Remember, amateurs built the Ark, Professionals built the Titanic!
> > ==================
> >
> >
> >
> >
> > ---
> > This message has been sent through the ALE general discussion list.
> > See http://www.ale.org/mailing-lists.shtml for more info.
> > Problems should be
> > sent to listmaster at ale dot org.
> >
> 
> ---
> This message has been sent through the ALE general discussion list.
> See http://www.ale.org/mailing-lists.shtml for more info. Problems should be
> sent to listmaster at ale dot org.

---
This message has been sent through the ALE general discussion list.
See http://www.ale.org/mailing-lists.shtml for more info. Problems should be 
sent to listmaster at ale dot org.






More information about the Ale mailing list