Nexcess
Feb 25 2004, 04:43 AM
hxxp://isc.sans.org/ shows these ports being scanned a lot, and im wondering why ive seen both on my firewall as well recently, anyone want to pipe in with some clues?
-Nexy
Pro21
Feb 25 2004, 07:54 AM
generaly this ports used by :
port 901 (smpnameres)
port 8888 (ddi-udp-1)
Maybe a linux Proxy.
R0x0r
Feb 25 2004, 07:56 AM
I has been looking a little around the net. I think that port 8888 is NewsEDGE server and 901 is SMPNAMERES.. Don't ask me what it is
D3ADLiN3
Feb 25 2004, 09:25 AM
Its botnet script kiddies again spreading through the netdevil trojan,
901 - net devil (trojan)
Not sure about port 8888 thoe :/
PuPPaFiSH
Feb 25 2004, 10:35 AM
I think that port 901 is also used for SWAT on linux - Thats the Samba Web Admin Tool if I remember right..
bitwild
Feb 25 2004, 10:39 AM
port 901 Net-Devil, Pest(!)
port 8888 Dark IRC(?)
D3ADLiN3
Feb 25 2004, 12:48 PM
yeah theres a spybot with a netdevil spreader out so all the aol kiddies are scannin like mad
QuadMedic
Feb 25 2004, 06:01 PM
Damn AOL kiddies...............
SgtRush
Feb 25 2004, 06:20 PM
While 901 is the default port for netdevil it is also the control port for ISS Real Secure Network Sensors (IDS). Having said that, I am inclined to agree that it is the former not the latter that people are looking for.
Merchantp
Feb 29 2004, 09:50 AM
it's definetly due to Netdevil tons of bots scan for it, thus it's overly scanned and everything vuln is already raped pillaged and burned.
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please
click here.
