Security Incidents mailing list archives
Re: Port 17300 probes?
From: Joris De Donder <joris () digitaldefense be>
Date: Tue, 15 Apr 2003 20:38:55 +0200
> if you have any information on why this scanning is being seen in an increasing number, that would be appreciated (the tool that does the scanning perhaps?)

http://members.lycos.co.uk/ircspybot/
From the readme.txt:
"Date: 08:04:2003
Fixed the kuang spreader

Date: 05:04:2003
Features:
- HTTP server
[...]
- Port scanner
- Syn flooder
- Kuang2 and sub7 spreader
[...]"

Also last year (in August I think) a new client was released for the Kuang trojan.
From a post on trojanforge.net:
"This new client will allow you to scan for kuang servers and automatically update the server from a url that you specify. You can either use the built in scanner or load an external list of ip addresses."

Joris