Security Basics mailing list archives

RE: Strange Connection Attempts


From: "Tim Heagarty" <tim () heagarty com>
Date: Mon, 17 Feb 2003 10:57:12 -0700

Port 17300 is apparently the backdoor of Kuang2. I've gotten a few hits of
it myself on a little ol' dialup line.

Tim Heagarty MCSE, MCP+I
"There are only 10 kinds of people in the world, those that understand
binary, and those that don't."
Work: (928) 636-0489
Cell: (928) 533-9690

-----Original Message-----
From: Keith T. Morgan [mailto:keith.morgan () terradon com]
Sent: Friday, February 14, 2003 11:23 PM
To: Hankes, Christopher A
Cc: security-basics () securityfocus com
Subject: RE: Strange Connection Attempts


Yeah.  We've seen these as well.  Ours came packed with a portscan for port
23, 67 (TCP) 1756, tcp 6112, and tcp 9001.  We've also seen a marked
increase in scans for tcp port 3389 (ms terminal services).  Additionally,
we've seen some odd scans for tcp 17300.

I haven't taken the time yet to see what runs on 17300 tcp.

-----Original Message-----
From: Hankes, Christopher A [mailto:Christopher.A.Hankes () uwsp edu]
Sent: Friday, February 14, 2003 1:05 PM
Cc: security-basics () securityfocus com
Subject: Strange Connection Attempts


As of about 2:00 am cst 2/14/03 I have been receiving connection
attempts on my router to port 1756(caplast-lmd). Has anyone seen this
too? Are there any known vulnerabilities on that port? I have been
getting a connection attempt about every 10-15 seconds. It's almost like
a DoS attack. Anyone have any thoughts?

Thanks

Christopher Hankes

CIS major

University of Wisconsin -Stevens Point
