Security Incidents mailing list archives
Re: Port 10008
From: Tracey Losco <tal1 () acf3 nyu edu>
Date: Tue, 15 May 2001 11:49:53 -0400
Hey there,I had the same thing going on here yesterday and the day before. I did some poking around and found out that the Lion worm spawns a rootshell on 10008...maybe we're seeing a new automated search for compromised machines?
At 11:10 AM +0200 5/15/01, Joerg Weber wrote:
Hello everyone, my FW-Logs went insane last night with gazillions of connection attempts to port 10008. FW-1 does unfortunately not log dropped packets, so I've no idea about flags et al, but the scan looks like this: SourcePort = Increases with each scan DestPort = 10008 This looks like an automated tool to me, as the whole scan took about a second or two. Any ideas? Thanks, Joerg
-- -------------------------------------------------------------------- Tracey Losco Network Services security () nyu edu Information Technology Services http://www.nyu.edu/its/security New York University (212) 998 - 3433 PGP Fingerprint: 8FFB FE47 6156 7BF0 B19E 462B 9DFE 51F5
Current thread:
- Port 10008 Joerg Weber (May 15)
- Re: Port 10008 jlewis (May 15)
- Re: Port 10008 jlewis (May 22)
- Re: Port 10008 Tracey Losco (May 15)
- Re: Port 10008 Tim Brown (May 15)
- Re: Port 10008 Mike Scott (May 15)
- Re: Port 10008 Crist Clark (May 15)
- Re: Port 10008 Rob Lindenbusch (May 15)
- Re: Port 10008 Bryan Andersen (May 15)
- Cheese Worm - Port 10008 HyunWoo Lee (May 16)
- Re: Port 10008 jlewis (May 15)