[Snort-users] Suspicious DNS query, et al.
neil at ...1633...
Tue Apr 3 15:22:26 EDT 2001
"Fernando Cardoso" <fernando.cardoso at ...965...> wrote in
response to me:
>Port 3879 seems to be almost a standard for Linux exploits. All of them make
>use of lammys bind shell code which binds a shell to that port. Didn't
>check, but I guess you can find it at www.hack.co.za.
Thanks for the information, Fernando. The Snort site port search page
turned up nothing, and I couldn't figure out what that port is used for.
>Things seem to be calm round here. Only one scan for sunrpc and a couple
>searching for trojans (Deep Throat and Subseven)...
I see scans for those as well from time to time. I'm glad they didn't
bother you more than usual this time.
Neil Dickey, Ph.D.
Northern Illinois University
More information about the Snort-users