Security Incidents mailing list archives
RE: Scanning from source Port 220 for Port 21
From: "Jamey Dillon" <jamey.dillon () comcast net>
Date: Thu, 1 Apr 2004 13:55:49 -0500
Only inbound activity for port 21. Only association with Dameware is the source 220 and scanning pattern. Thanks. -----Original Message----- From: caldcv () students fccj org [mailto:caldcv () students fccj org] Sent: Wednesday, March 31, 2004 9:27 PM To: incidents () securityfocus com Subject: Re: Scanning from source Port 220 for Port 21 In-Reply-To: <20040331162805.9303.qmail () search securityfocus com>
We have in the last 5 weeks seen an increase of scanning from port 220 to
FTP.
The traffic appears to follow the charachteristics of the Dameware scanning
of months past.
Has anyone else noticed this on their networks? Do you have any idea what
tool/worm may be used to cause this activity?
http://cert.uni-stuttgart.de/archive/intrusions/2004/02/msg00055.html http://lists.elvandar.org/pipermail/securityfocus-incidents/2004-January/000 042.html Apparantly, DameWare is a big thing. I think it's mainly contributed to the IRC warez scene, because its a popular tool for them to use. Do you have any possible infected hosts on your network that you don't know about? -CC --------------------------------------------------------------------------- Free 30-day trial: firewall with virus/spam protection, URL filtering, VPN, wireless security Protect your network against hackers, viruses, spam and other risks with Astaro Security Linux, the comprehensive security solution that combines six applications in one software solution for ease of use and lower total cost of ownership. Download your free trial at http://www.securityfocus.com/sponsor/Astaro_incidents_040301 ---------------------------------------------------------------------------- --------------------------------------------------------------------------- Free 30-day trial: firewall with virus/spam protection, URL filtering, VPN, wireless security Protect your network against hackers, viruses, spam and other risks with Astaro Security Linux, the comprehensive security solution that combines six applications in one software solution for ease of use and lower total cost of ownership. Download your free trial at http://www.securityfocus.com/sponsor/Astaro_incidents_040301 ----------------------------------------------------------------------------
Current thread:
- Re: Scanning from source Port 220 for Port 21 caldcv (Apr 01)
- RE: Scanning from source Port 220 for Port 21 Jamey Dillon (Apr 01)