[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: exit counts by port number over 61 days



Hi Scott,

Am 13.04.2009 um 19:00 schrieb Scott Bennett:

	1)  Why is the nicname/whois port the most heavily used?  In fact,
	why is it getting much use at all?

My guess: spammers and profilers, scanning for email adresses and other personal data.

	2) Why are there so many exits to the standard socks port?  It
	seems kind of strange to go all the way through the tor network
	fully encrypted, only to exit in the clear to a port somewhere
	else for re-encryption.  Similarly, what about pptp?

There are Trojans opening backdoors on that port.

http://isc.sans.org/port.html?port=1080

	4) Who still uses RFS?  Didn't that die out a *long* time ago?
	(The rfs port had 70 exits.)

I bet nobody. That's why there seems to be somebody using the port for something else.


Sven

Attachment: smime.p7s
Description: S/MIME cryptographic signature