[Snort-users] Suspicious DNS query, et al.

Neil Dickey neil at ...1633...
Tue Apr 3 15:22:26 EDT 2001


"Fernando Cardoso" <fernando.cardoso at ...965...> wrote in
response to me:

>Port 3879 seems to be almost a standard for Linux exploits. All of them make
>use of lammys bind shell code which binds a shell to that port. Didn't
>check, but I guess you can find it at www.hack.co.za.

Thanks for the information, Fernando.  The Snort site port search page
turned up nothing, and I couldn't figure out what that port is used for.

>Things seem to be calm round here. Only one scan for sunrpc and a couple
>searching for trojans (Deep Throat and Subseven)...

I see scans for those as well from time to time.  I'm glad they didn't
bother you more than usual this time.

Best regards,

Neil Dickey, Ph.D.
Research Associate/Sysop
Geology Department
Northern Illinois University
DeKalb, Illinois
60115






