Security Incidents mailing list archives
Canned scan...part 2
From: gattaca () hushmail com
Date: Fri, 18 May 2001 19:37:42 -0600 (CDT)
Well, I guess I was a bit unclear. Thanks to all for your collective input on what the ports were (ie 31337, and 10008). I was however aware of them. The point I was wondering about was if this particular scan was a canned exploit, could it take another step if it were to successfull? If so then maybe someone has identified some artifacts. I would doubt that this was someone just messing around with nmap as it was the same scan pattern at different times from different address spaces from multiple addresses around the globe (NOT synchronized and vs. different machines on several different networks). If this was a scripted exploit then that could potentially be identified then a rule could be written for SHADOW, Snort, NetRanger et cetera. At any rate thanks for your input. cheers, gattaca Free, encrypted, secure Web-based email at www.hushmail.com
Current thread:
- Canned scan...part 2 gattaca (May 19)