Security Incidents mailing list archives

Previous By Date Next
Previous By Thread Next

RE: [Securityfocus-incidents] Dameware scans, worm?

From: "Remko Lodder" <remko () elvandar org>
Date: Thu, 22 Jan 2004 17:32:53 +0100
Jup,

on the incidents mailinglist from sans we discussed this as well,
numberous people see an increase. perhaps have a look at www.dshield.org

cheers

--

Kind regards,

Remko Lodder
Elvandar.org/DSINet.org
www.mostly-harmless.nl Dutch community for helping newcomers on the
hackerscene

-----Oorspronkelijk bericht-----
Van: securityfocus-incidents-bounces () lists elvandar org
[mailto:securityfocus-incidents-bounces () lists elvandar org]Namens Keith
T. Morgan
Verzonden: donderdag 22 januari 2004 16:44
Aan: incidents () securityfocus com
Onderwerp: [Securityfocus-incidents] Dameware scans, worm?


We've seen an increase in scans for dameware (tcp 6129) over the past
four days.  I believe there was an exploit released for dameware, but
I'm unaware of it's behavior.  A colleague first noticed these across
multiple class C networks scanning consecutive IPs, and we have been
seeing the same type of activity.

The interesting part about the scans is that they almost universally
have a source port of 220, which to me indicates either worm activity or
a canned scanner/exploit combo with a hard-coded source-port.

Anyone else seeing an increase in these?

****************************************************************************
**********************
The contents of this email and any attachments are confidential.
It is intended for the named recipient(s) only.
If you have received this email in error please notify the system manager or
the
sender immediately and do not disclose the contents to anyone or make
copies.

** this message has been scanned for viruses, vandals and malicious content
**
****************************************************************************
**********************


---------------------------------------------------------------------------
----------------------------------------------------------------------------

_______________________________________________
Securityfocus-incidents mailing list
Securityfocus-incidents () lists elvandar org
http://lists.elvandar.org/mailman/listinfo/securityfocus-incidents


---------------------------------------------------------------------------
----------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: