Educause Security Discussion mailing list archives
Re: scanning on port 901
From: Daniel Medina <medina () COLUMBIA EDU>
Date: Wed, 25 Feb 2004 18:29:22 -0500
Here's a tidbit: two hosts are scanning for 901/tcp from our network. Both are connected via 6667/tcp (IRC) to wod28904RN.rh.ncsu.edu (152.7.50.249). Checking the traffic that host is seeing will likely turn up a lot of the sources for the scanning being seen; it's a C&C node for a botnet that hasn't been taken offline yet. CCing abuse () ncsu edu again... (previously 152.7.51.130 and 152.7.8.227). On Wed, Feb 25, 2004 at 12:11:45PM -0800, Niedens, Travis wrote:
Agreed, I have forwarded on the UNISOG discussion to other managers so we are ready.
-- Daniel Medina ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/.
Current thread:
- scanning on port 901 Craig Blaha (Feb 25)
- <Possible follow-ups>
- Re: scanning on port 901 Jeni Li (Feb 25)
- Re: scanning on port 901 Niedens, Travis (Feb 25)
- Re: scanning on port 901 Steve Worona (Feb 25)
- Re: scanning on port 901 Craig Blaha (Feb 25)
- Re: scanning on port 901 Niedens, Travis (Feb 25)
- Re: scanning on port 901 Daniel Medina (Feb 25)
- Re: scanning on port 901 Brian Eckman (Feb 25)