Security Incidents mailing list archives
Re: Hmm....901
From: "Curt Wilson" <netw3_security () hushmail com>
Date: Tue, 3 Jun 2003 11:54:37 -0700
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Samba Web Administration Tool (SWAT) listens on this port. It seems that scans for this port have increased, based on some of these reports. Check your samba SWAT configs, iptables and perimeter FW rules. Anyone know anything about a new exploit? On Tue, 03 Jun 2003 04:18:25 -0700 morning_wood <se_cur_ity () hotmail com> wrote:
Depends if its a Win box or *nix. If it was win I would suggest it is a scan for the trojan "Net-Devil" . If it is a *nix box there is a remote admin on many installs at that port. morning_wood http://exploitlabs.com ----- Original Message ----- From: "David Kennedy CISSP" <david.kennedy () acm org> To: <incidents () securityfocus com> Sent: Monday, June 02, 2003 12:35 AM Subject: Hmm....901I hate a mystery. Saw several 901's in my reports.http://isc.incidents.org/port_details.html?port=901&repax=1&tarax=2&srcax=2&percent=N&days=70&Redraw=Submit+Query Date Sources Targets Records 2003-06-02 97 13168 31506 2003-06-01 482 51263 77878 2003-05-31 149 41068 43239 2003-05-30 135 36259 71512 2003-05-29 31 32336 32403 2003-05-28 22 61853 102004 2003-05-27 39 317 405 2003-05-26 67 230 501 2003-05-25 62 361 665 2003-05-24 39 152 541 2003-04-19 11 35419 57290 -- Regards, /"\ David Kennedy CISSP \ / ASCII Ribbon Campaign Protect what you connect; X Against HTML Mail Look both ways before crossing the Net. / \ -------------------------------------------------------------------------- ---------------------------------------------------------------------------- ------------------------------------------------------------------ ------------ ---------------------------------------------------------------- ------------
Curt R. Wilson Netw3 Security www.netw3.com -----BEGIN PGP SIGNATURE----- Note: This signature can be verified at https://www.hushtools.com/verify Version: Hush 2.3 wkYEARECAAYFAj7c7x4ACgkQRnf2MGkR9yvL0QCaAzlbfmog0y0C0SeLYN9XfTtz1bkA n0BBaASwGILjas9RQcDiNmXSrdd5 =OOrL -----END PGP SIGNATURE----- ---------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- Hmm....901 David Kennedy CISSP (Jun 02)
- Re: Hmm....901 morning_wood (Jun 03)
- Re: Hmm....901 Florin Andrei (Jun 06)
- <Possible follow-ups>
- FW: Hmm....901 Brian Taylor (Jun 03)
- Re: Hmm....901 cvonancken (Jun 03)
- Re: Hmm....901 Curt Wilson (Jun 03)
- Re: Hmm....901 Jason Falciola (Jun 10)