Security Incidents mailing list archives

Re: Hmm....901

From: "Curt Wilson" <netw3_security () hushmail com>
Date: Tue, 3 Jun 2003 11:54:37 -0700


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Samba Web Administration Tool (SWAT) listens on this port. It seems that
scans for this port have increased, based on some of these reports. Check
your samba SWAT configs, iptables and perimeter FW rules. Anyone know
anything about a new exploit?

On Tue, 03 Jun 2003 04:18:25 -0700 morning_wood <se_cur_ity () hotmail com>
wrote:

Depends if its a Win box or *nix. If it was win I would suggest it
is a scan
for the trojan "Net-Devil" . If it is a *nix box there is a remote
admin on
many installs at that port.

morning_wood
http://exploitlabs.com

----- Original Message -----
From: "David Kennedy CISSP" <david.kennedy () acm org>
To: <incidents () securityfocus com>
Sent: Monday, June 02, 2003 12:35 AM
Subject: Hmm....901

I hate a mystery.  Saw several 901's in my reports.

http://isc.incidents.org/port_details.html?port=901&repax=1&tarax=2&srcax=2&;

percent=N&days=70&Redraw=Submit+Query

Date Sources Targets Records
2003-06-02 97  13168 31506
2003-06-01 482  51263 77878
2003-05-31 149  41068 43239
2003-05-30 135  36259 71512
2003-05-29 31  32336 32403
2003-05-28 22  61853 102004
2003-05-27 39  317 405
2003-05-26 67  230 501
2003-05-25 62  361 665
2003-05-24 39  152 541


2003-04-19 11  35419 57290



--
Regards,
                                          /"\
David Kennedy CISSP                       \ / ASCII Ribbon Campaign
Protect what you connect;                  X  Against HTML Mail
Look both ways before crossing the Net.   / \


--------------------------------------------------------------

------------
--

--------------------------------------------------------------

------------
--


----------------------------------------------------------------
------------
----------------------------------------------------------------
------------

Curt R. Wilson
Netw3 Security
www.netw3.com
-----BEGIN PGP SIGNATURE-----
Note: This signature can be verified at https://www.hushtools.com/verify
Version: Hush 2.3

wkYEARECAAYFAj7c7x4ACgkQRnf2MGkR9yvL0QCaAzlbfmog0y0C0SeLYN9XfTtz1bkA
n0BBaASwGILjas9RQcDiNmXSrdd5
=OOrL
-----END PGP SIGNATURE-----


----------------------------------------------------------------------------
----------------------------------------------------------------------------

Current thread:

Hmm....901 David Kennedy CISSP (Jun 02)
- Re: Hmm....901 morning_wood (Jun 03)
- Re: Hmm....901 Florin Andrei (Jun 06)
- <Possible follow-ups>
- FW: Hmm....901 Brian Taylor (Jun 03)
- Re: Hmm....901 cvonancken (Jun 03)
- Re: Hmm....901 Curt Wilson (Jun 03)
- Re: Hmm....901 Jason Falciola (Jun 10)