Re: Re : Large scale scan of port 2401

From: axess (axess@alldas.de)
Date: 08/24/01 

Date: Fri, 24 Aug 2001 23:03:15 +0200 (CEST)
From: axess <axess@alldas.de>
To: Sevo Stille <sevo@ip23.net>
Subject: Re: Re : Large scale scan of port 2401
Message-ID: <Pine.LNX.4.33.0108242251250.18444-100000@viking.alldas.de>

On Fri, 24 Aug 2001, Sevo Stille wrote:

Mr. Sevo

From my experience.watchin defaced AIX systems all day long and
see what port they have open i draw this conclustion.
This has not been added to public notice or i would not have went into
this discussion at all. There is no flaw in it.
Just a way to determite an operating system.
We are talking about script kiddies that want * to deface.
I also refer to our database. 99% of all defaced AIX has this port open.
Since this has been a long discussion about this i want to point out
once again. No flaw / determite OS and after that exploit the AIX.

> axess wrote:
>
> > 2401/tcp cvspserver
> >
> > This port is used by AIX
>
>
> I'd be surprised if it were - it would make anon-cvs rather awkward to
> run on AIX, and that probably would have made it into public knowledge.
> This is the default port for CVS servers, anon included. And the number
> of the latter alone will probably outnumber the count of open AIX
> systems on the net by a magnitude or more...
>
> I'd expect 2401 scans to look for CVS rather than AIX. Have any new CVS
> exploits cropped up? Of course, people might just be looking for open
> accounts or public access to private archives...
>
> Sevo
>
> 

-- 
Mikael Olsson
axess - axess@alldas.de
system administrator

IT-Security Information Network
http://www.alldas.de

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Relevant Pages