Educause Security Discussion mailing list archives

Re: scanning on port 901

From: Daniel Medina <medina () COLUMBIA EDU>
Date: Wed, 25 Feb 2004 18:29:22 -0500

 Here's a tidbit: two hosts are scanning for 901/tcp from our network.
Both are connected via 6667/tcp (IRC) to wod28904RN.rh.ncsu.edu
(152.7.50.249).  Checking the traffic that host is seeing will likely
turn up a lot of the sources for the scanning being seen; it's a C&C
node for a botnet that hasn't been taken offline yet.

 CCing abuse () ncsu edu again... (previously 152.7.51.130 and
152.7.8.227).

On Wed, Feb 25, 2004 at 12:11:45PM -0800, Niedens, Travis wrote:

Agreed, I have forwarded on the UNISOG discussion to other managers so we
are ready.


--
Daniel Medina

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/cg/.

Current thread:

scanning on port 901 Craig Blaha (Feb 25)
- <Possible follow-ups>
- Re: scanning on port 901 Jeni Li (Feb 25)
- Re: scanning on port 901 Niedens, Travis (Feb 25)
- Re: scanning on port 901 Steve Worona (Feb 25)
- Re: scanning on port 901 Craig Blaha (Feb 25)
- Re: scanning on port 901 Niedens, Travis (Feb 25)
- Re: scanning on port 901 Daniel Medina (Feb 25)
- Re: scanning on port 901 Brian Eckman (Feb 25)