Re: Odd scan

From: Muhammad Faisal Rauf Danka (
Date: 07/22/02

Date: Mon, 22 Jul 2002 05:11:27 -0700 (PDT)
From: Muhammad Faisal Rauf Danka <>

What's so odd about it?

you said it yourself that:
161 for SNMP
79 for finger
and 1524 for the reason that many RPC exploits spawn shell on this port, and people use this port for their backdoors too.

as far as your doubts about fingerd, there has been exploits for finger daemon.

It's just a scan probably using synscan, and he had exploits for fingerd and snmp only, and also trying out his luck to find some left backdoored box on port 1524.

It's quiet usual, looks like a newbie cracker scan on you. :)

Muhammad Faisal Rauf Danka

Chief Technology Officer
Gem Internet Services (Pvt) Ltd.


Promote your group and strengthen ties to your members with by

This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see:

Relevant Pages

  • SUMMARY: no time for RTFM
    ... inetd.conf is where to comment simple services like finger. ... services like SMTP need to have their startup files taken out of commission ... Wasn't able to find a snmp startup file or daemon. ... # grep -i smtp services inetd.conf ...
  • no time for RTFM
    ... turned off ASAP, "mostly SMTP, Finger and snmp ". ... I could find no entry in either file for snmp. ... # grep -i smtp services inetd.conf ...
  • Re: Nochmal Mietminderung
    ... Sollte mein Klopfen gegen die Badtür etwas bewirkt haben? ... auch für Nagios - Nachricht per e-mail,SMS und SNMP: ...
  • Re: sunrpc & finger ports.
    ... > finger service is started via inetd/xinetd. ... >>certain versions of sunrpc. ... How to close that port? ... functional printer. ...
  • Re: 9.1 Install: Holes in Security in Default install
    ... >> With Mandrake I was given the option at install to close all these ports, ... this guy to turn off his finger port without even ... reason to close the port. ...