[Intrusions] Port Scanning on 1026 & 1027
Earnhart, Benjamin J
benjamin-earnhart at uiowa.edu
Wed Jul 27 15:29:36 GMT 2005
Same here, lately 1026 and 1027 have become as popular as 1433 and 22.
I assumed it was people trying to get by blocks on the regular MS SMB
ports (135-139 and 445). I *think* it should *mostly* be a non-issue,
since AFAIK, 1026 and 1027 only get opened up temporarily when
authenticating and establishing a connection, so an attacker would have
to have perfect timing and an unpatched machine to attack. But if it
really is that much of a no-big-deal thing, I don't get why the bad guys
are bothering with it.
So I concur with you that they're becoming very popular, and look
forward to somebody giving a decent explanation as to why this is
happening.
*==========================================;
*Ben Earnhart
*Computer Consultant and
*ICPSR Representative
*Department of Sociology and
*College of Liberal Arts
*University of Iowa
*(319) 335-2887
*benjamin-earnhart at uiowa.edu
*==========================================;
> -----Original Message-----
> From: intrusions-bounces at lists.sans.org
> [mailto:intrusions-bounces at lists.sans.org] On Behalf Of Tony Tomasello
> Sent: Tuesday, July 26, 2005 2:15 PM
> To: intrusions at lists.sans.org
> Subject: [Intrusions] Port Scanning on 1026 & 1027
>
> Guys,
>
> I have noticed a tremendous amount of scanning on ports 1026
> and 1027. Not
> sure if you all have been experiencing the same. Is this
> something that I
> should be concerned about ?
>
> Thanks,
> Tony T.
>
>
> _______________________________________________
> Intrusions mailing list
> Intrusions at lists.sans.org
> http://www.dshield.org/mailman/listinfo/intrusions
>
More information about the Intrusions
mailing list