Re: Port 10008

[Tracey Losco <tal1 () acf3 nyu edu>]

Hey there,

I had the same thing going on here yesterday and the day before.  I 
did some poking around and found out that the Lion worm spawns a 
rootshell on 10008...maybe we're seeing a new automated search for 
compromised machines?


At 11:10 AM +0200 5/15/01, Joerg Weber wrote:
> Hello everyone,
>
> my FW-Logs went insane last night with gazillions of connection attempts to
> port 10008.
> FW-1 does unfortunately not log dropped packets, so I've no idea about flags
> et al, but the scan looks like this:
> SourcePort = Increases with each scan
> DestPort   = 10008
>
> This looks like an automated tool to me, as the whole scan took about a
> second or two.
> Any ideas?
>
> Thanks,
>
> Joerg

--
--------------------------------------------------------------------
Tracey Losco
Network Services                        security () nyu edu
Information Technology Services         http://www.nyu.edu/its/security
New York University                     (212) 998 - 3433

PGP Fingerprint: 8FFB FE47 6156 7BF0  B19E 462B 9DFE 51F5