without a lot of thought... it occurs to me that if the scan started below
port 1024 that you are being lied to...
without testing it, i doubt that the programmers at microsoft would make
"that blatant" of a boo boo...
it would kind of be like me scanning your network to use a great new
program called... "pickAmachineANDaPORTsmtp" to send this email to you....
--->
Robert H. Hanson Cutting Edge Communications, Inc.
Otis Orchards, Wa. Regional Commercial Internet Service Provider
(509) 927-9541 email: roberth @ cet . com - http://www.cet.com/
On Mon, 4 Nov 1996 Greg . Donkin @ roke . co . uk wrote:
>
> The other day i was looking at the logs from our Firewall-1 and saw a
> portscan starting at port 1 all the way up to 65535. Of course i start
> looking at it further & discover it's come from the *inside* of the wall.
> Looks like one of the users has been playing around, so pausing only to
> pick up the office baseball bat on the way out, i go to have a quiet word,
> but when i talked to him he said it's part of the beta Netmeeting 2 from
> our old chums Microsoft. I haven't looked at it myself but i'd take our
> guy's word for it. He says it's a few lines of VBasic which looks for a
> port to use. Seems to me this is, how shall i put it? Irresponsible?
> Designed to piss off Firewall administrators?
>
> Anyone else come across this? Anyone from M$ care to comment?
>
> Greg
>
> Greg Donkin Email: Greg . Donkin @ roke . co . uk
>
> Siemens Business Services at Roke Manor Research
>
> #include <std.disclaimer.h>
>