RE: Port 3335

• Previous message: Bennett Todd: "Re: Real-world attacks on sendmail CA-2003-07 seen"
• Maybe in reply to: Robin Lynn Frank: "Port 3335"
• Next in thread: Harlan Carvey: "Re: Port 3335"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

From: Danny <Danny@drexel.edu>
To: 'Robin Lynn Frank' <rlfrank@paradigm-omega.com>, "'incidents@securityfocus.com'" <incidents@securityfocus.com>
Date: Mon, 10 Mar 2003 12:41:49 -0500

 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Eliftps default port is 3335
http://software.sci.utah.edu/eliftp.html

Can you give us any more information? Is the traffic being sent to your hosts with a destination port or source port of 3335, is it TCP or UDP?
Any chance of getting some packet dumps of this activity?

Cheers
Danny
Network Security Engineer
Drexel University
PGP Print: C6AD B205 E3C6 38AB 0164 6604 66F5 CCFC F4ED F1E0
PGP Key: http://akasha.irt.drexel.edu/danny.asc
 

|->-----Original Message-----
|->From: Robin Lynn Frank [mailto:rlfrank@paradigm-omega.com]
|->Sent: Friday, March 07, 2003 8:54 PM
|->To: incidents@securityfocus.com
|->Subject: Port 3335
|->
|->I am seeing a lot of activity on port 3335 from a number of domains. Can
|->someone give me an idea as to what this may be about?
|->--
|->Sed quis custodiet ipsos custodes?
|->=========================================================================
|->=
|->Robin Lynn Frank - Director of Operations - Paradigm-Omega, LLC
|->Copyright and PGP/GPG info in mail or message headers.
|->Email acceptance policy at http://paradigm-omega.com/email_policy.html
|->=========================================================================
|->=
|->
|->-------------------------------------------------------------------------
|->---
|->
|-><Pre>Lose another weekend managing your IDS?
|->Take back your personal time.
|->15-day free trial of StillSecure Border Guard.</Pre>
|-><A href="http://www.securityfocus.com/stillsecure">
|->http://www.securityfocus.com/stillsecure </A>

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0

iQA/AwUBPmzPLGb1zPz07fHgEQJrEACgoZNGh2fRYcK40t2TbqaBpYWN6KAAniY5
MR7KAj7Wni2l4Lhdalfvhx21
=EV6j
-----END PGP SIGNATURE-----

----------------------------------------------------------------------------

<Pre>Lose another weekend managing your IDS?
Take back your personal time.
15-day free trial of StillSecure Border Guard.</Pre>
<A href="http://www.securityfocus.com/stillsecure"> http://www.securityfocus.com/stillsecure </A>

• Previous message: Bennett Todd: "Re: Real-world attacks on sendmail CA-2003-07 seen"
• Maybe in reply to: Robin Lynn Frank: "Port 3335"
• Next in thread: Harlan Carvey: "Re: Port 3335"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages RE: about mirroring port ... I would recommend that you not try any 'mirroring' or 'port ... This creates numerous problems within a network, ... On some Cisco routers, I believe that you can use a 'tap port', which allows ... onto multiple IDSes. ... (Focus-IDS) Re: TAP location ... progressing onto the ISS document. ... If you have any further questions concerning tap implementation, ... > I am working on a new hotel/congress setup and I need to install 3 IDS ... > port to a consolidated switch to witch I will attach the sniffing port of ... (Focus-IDS) RE: TAP location ... > IDS might get you in trouble. ... that you should own the switch, and enforce the rules of configuring the ... going between the direct NIC and the Switch port. ... >>Utilising DNS port as a back channel: I use a forwarder for my internet ... (Focus-IDS) RE: Stopping File Sharing Programs... ... Make it corporate policy that these programs are not permitted ... application layer firewalls will not actually block these guys over port 80. ... then when your IDS sees a user using one of the ... Kazaa by blocking the port 1214. ... (Security-Basics) Antwort: TAP location ... Subject: Antwort: TAP location ... >that in no condition can the IDS be compromise from the network segment ... >port to a consolidated switch to witch I will attach the sniffing port of ... >to monitor, can I connect port A of the TAP to a hub port, attach the IDS ... (Focus-IDS)