Security Incidents mailing list archives
RE: [Securityfocus-incidents] Dameware scans, worm?
From: "Remko Lodder" <remko () elvandar org>
Date: Thu, 22 Jan 2004 17:32:53 +0100
Jup, on the incidents mailinglist from sans we discussed this as well, numberous people see an increase. perhaps have a look at www.dshield.org cheers -- Kind regards, Remko Lodder Elvandar.org/DSINet.org www.mostly-harmless.nl Dutch community for helping newcomers on the hackerscene -----Oorspronkelijk bericht----- Van: securityfocus-incidents-bounces () lists elvandar org [mailto:securityfocus-incidents-bounces () lists elvandar org]Namens Keith T. Morgan Verzonden: donderdag 22 januari 2004 16:44 Aan: incidents () securityfocus com Onderwerp: [Securityfocus-incidents] Dameware scans, worm? We've seen an increase in scans for dameware (tcp 6129) over the past four days. I believe there was an exploit released for dameware, but I'm unaware of it's behavior. A colleague first noticed these across multiple class C networks scanning consecutive IPs, and we have been seeing the same type of activity. The interesting part about the scans is that they almost universally have a source port of 220, which to me indicates either worm activity or a canned scanner/exploit combo with a hard-coded source-port. Anyone else seeing an increase in these? **************************************************************************** ********************** The contents of this email and any attachments are confidential. It is intended for the named recipient(s) only. If you have received this email in error please notify the system manager or the sender immediately and do not disclose the contents to anyone or make copies. ** this message has been scanned for viruses, vandals and malicious content ** **************************************************************************** ********************** --------------------------------------------------------------------------- ---------------------------------------------------------------------------- _______________________________________________ Securityfocus-incidents mailing list Securityfocus-incidents () lists elvandar org http://lists.elvandar.org/mailman/listinfo/securityfocus-incidents --------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- RE: [Securityfocus-incidents] Dameware scans, worm? Remko Lodder (Jan 22)