Security Incidents mailing list archives
Re: Port 17300 probes?
From: Kevin Patz <jambo_cat () yahoo com>
Date: 14 Apr 2003 19:12:02 -0000
In-Reply-To: <Pine.LNX.4.44.0304140133090.29002-100000 () ruby gem> It's a backdoor trojan called "Kuang2 The Virus." Computers infected with the W32.Weird (Kuang2) virus will have this port open to a backdoor trojan dropped by the virus. I see port 17300 scans on and off, and they've started in again as of 4/13 or so. I think some script kiddie(s) are using a distributed scan tool to probe for infected boxes to exploit.
Since January I have logged the following probes of
port 17300; is
this a known? -------GMT---- Jan 4 11:16:20 212.143.36.64:1530 -> 17300 Jan 4 12:13:05 212.143.36.64:1744 -> 17300 Jan 21 23:37:58 24.95.177.30:4979 -> 17300 Jan 26 05:49:46 216.40.195.83:17300 -> 17300 Jan 29 16:39:20 12.212.35.44:4861 -> 17300 Feb 15 23:02:22 220.88.89.170:3252 -> 17300 Feb 15 23:09:08 217.210.222.213:1347 -> 17300 Feb 15 23:16:16 211.194.95.150:1062 -> 17300 Feb 21 00:29:12 61.77.241.204:4997 -> 17300 Feb 21 01:17:22 220.77.194.249:3226 -> 17300 Feb 21 09:50:25 61.248.164.86:4385 -> 17300 Feb 27 11:03:55 24.77.128.66:1461 -> 17300 Mar 1 09:34:03 131.128.137.177:3003 -> 17300 Mar 26 13:10:26 209.40.101.170:17300 -> 17300 Apr 10 18:23:42 217.121.239.168:4299 -> 17300 Apr 13 18:10:14 212.118.6.209:3507 -> 17300 Apr 13 20:38:01 209.40.97.21:17300 -> 17300 Apr 14 05:19:10 61.238.101.155:2507 -> 17300 Apr 14 06:17:51 218.252.139.30:2254 -> 17300
---------------------------------------------------------------------------- Is SPAM over-loading your e-mail server, disk space or bandwidth? SurfControl E-Mail Filter is flexible, intelligent and policy-driven protection. http://www.securityfocus.com/SurfControl-incidents2 Download your free fully functional trial, complete with 30-days of free technical support. Stop SPAM before it stops you. ----------------------------------------------------------------------------
Current thread:
- Port 17300 probes? incidents (Apr 14)
- Re: Port 17300 probes? Gerd Feiner (Apr 15)
- <Possible follow-ups>
- Re: Port 17300 probes? Kevin Patz (Apr 15)
- Re: Port 17300 probes? Joe Stewart (Apr 17)
- Re: Port 17300 probes? MARLON BORBA (Apr 15)
- Re: Port 17300 probes? Joris De Donder (Apr 17)