[Dshield] port 7000?

Jaikula jaikula at ihug.com.au
Fri Oct 4 05:33:15 GMT 2002


Port 7000 is also used for IRC servers if they have it open for that
purpose.

----- Original Message -----
From: "Tim Rushing" <dshield at threenorth.com>
To: <list at dshield.org>
Sent: Friday, October 04, 2002 4:02 AM
Subject: [Dshield] port 7000?


Just saw this on a dedicated box:

Oct  3 12:48:43 mybox kernel: Packet log: input REJECT eth0 PROTO=6
209.0.253.133:3448 a.b.c.194:7000 L=60 S=0x00 I=24069 F=0x4000 T=52 SYN
(#91)
Oct  3 12:48:43 mybox kernel: Packet log: input REJECT eth0 PROTO=6
209.0.253.133:3449 a.b.c.195:7000 L=60 S=0x00 I=24070 F=0x4000 T=52 SYN
(#91)
Oct  3 12:48:43 mybox kernel: Packet log: input REJECT eth0 PROTO=6
209.0.253.133:3450 a.b.c.196:7000 L=60 S=0x00 I=24071 F=0x4000 T=52 SYN
(#91)
Oct  3 12:48:43 mybox kernel: Packet log: input REJECT eth0 PROTO=6
209.0.253.133:3451 a.b.c.197:7000 L=60 S=0x00 I=24072 F=0x4000 T=52 SYN
(#91)


These are the first port 7000 scans I have ever had directed at
me.  Looking at the port 7000 scans at incidents.org, it seems that there
is a very small uptick in records, but the number of targets have mostly
been in the single digits.

My 4 ips represent almost exactly the average number of targets/day in the
database for the last 4 days.

A google search on port 7000 shows some X-font servers, the afs file
server, some known older trojans, but I didn't spot anything that seemed
obviously recent.

       ---Tim Rushing






More information about the list mailing list