From the INCIDENTS list:
------------------------------------------------------------------
> I'm looking at some backdoor code that listens on UDP 3049. I can see
> through ARIS TMS that a number of users have recoded scans for that port.
3049 is the CFS - Cryptografic File System - service port. Those scans are
probably probing for some weak - or absent - password for a file system.
------------------------------------------------------------------
CFS is rather old and not widely used AFAIK. Should we test if it's here?
------------------------------------------------------------------
> I'm looking at some backdoor code that listens on UDP 3049. I can see
> through ARIS TMS that a number of users have recoded scans for that port.
3049 is the CFS - Cryptografic File System - service port. Those scans are
probably probing for some weak - or absent - password for a file system.
------------------------------------------------------------------
CFS is rather old and not widely used AFAIK. Should we test if it's here?