Security Incidents mailing list archives

Canned scan...part 2


From: gattaca () hushmail com
Date: Fri, 18 May 2001 19:37:42 -0600 (CDT)

Well, I guess I was a bit unclear. Thanks to all for your collective input
on what the ports were (i.e. 31337 and 10008). I was, however, aware of them.
The point I was wondering about was if this particular scan was a canned
exploit, could it take another step if it were to be successful? If so then
maybe someone has identified some artifacts. I would doubt that this was
someone just messing around with nmap as it was the same scan pattern at
different times from different address spaces from multiple addresses around
the globe (NOT synchronized and vs. different machines on several different
networks). If this was a scripted exploit then that could potentially be
identified, and then a rule could be written for SHADOW, Snort, NetRanger et
cetera.

At any rate thanks for your input.
cheers,
gattaca
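
The correlation described in the message above (the same port pattern arriving unsynchronized from unrelated address spaces) can be checked over connection logs before writing an IDS rule. This is an added example, not part of the original post; the log tuple layout, the thresholds, the probe order and the sample events are all constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed sample events: (epoch_seconds, source_ip, dest_ip, dest_port).
# Addresses are documentation ranges; the probe order is assumed, not from the post.
SAMPLE_EVENTS = [
    (990236262, "192.0.2.10", "10.0.0.5", 31337),
    (990236263, "192.0.2.10", "10.0.0.5", 10008),
    (990250000, "198.51.100.23", "10.0.1.9", 31337),
    (990250002, "198.51.100.23", "10.0.1.9", 10008),
    (990300000, "203.0.113.7", "10.0.2.14", 31337),
    (990300001, "203.0.113.7", "10.0.2.14", 10008),
    (990310000, "198.51.100.77", "10.0.0.5", 80),    # unrelated web probe
    (990310001, "198.51.100.77", "10.0.0.5", 443),
    (990320000, "203.0.113.99", "10.0.0.5", 10008),  # single-port probe
]

def scan_fingerprints(events):
    """Map each source IP to the ordered tuple of distinct ports it probed."""
    ports = defaultdict(list)
    for _ts, src, _dst, port in sorted(events):  # time order defines probe order
        if port not in ports[src]:
            ports[src].append(port)
    return {src: tuple(seq) for src, seq in ports.items()}

def canned_scan_candidates(events, min_sources=3, min_networks=2, prefix=16):
    """Return {port_sequence: [sources]} for patterns shared by unrelated sources.

    A pattern qualifies when at least min_sources hosts in at least
    min_networks distinct /prefix networks produced the same sequence.
    """
    by_fingerprint = defaultdict(set)
    for src, fp in scan_fingerprints(events).items():
        if len(fp) >= 2:  # one port alone is too common to act as a fingerprint
            by_fingerprint[fp].add(src)
    hits = {}
    for fp, sources in by_fingerprint.items():
        networks = {ipaddress.ip_network(f"{s}/{prefix}", strict=False)
                    for s in sources}
        if len(sources) >= min_sources and len(networks) >= min_networks:
            hits[fp] = sorted(sources)
    return hits

if __name__ == "__main__":
    for pattern, sources in canned_scan_candidates(SAMPLE_EVENTS).items():
        print("shared pattern", pattern, "from", sources)
```

A pattern that survives this filter is a candidate for a signature keyed on the port sequence; timing is deliberately ignored because the post notes the scans were not synchronized.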