Educause Security Discussion mailing list archives

Am I the only one?

From: Jim Pollard <jim.pollard () MAIL UTEXAS EDU>
Date: Wed, 14 Apr 2004 09:50:18 -0500

Or did I miss it on Bugtraq?  Recently I've noticed a scan pattern in my logs and wonder if anyone might recognize it 
as either a known virus or some kiddie scanning tool looking for virus backdoors?  There are some variations... 
occasionally port 80 and 8080 are included.
 
Service: 1025 (tcp/1025) (net2fw:DROP:,eth1,none) - 2 packets (take your pick... either network blackjack or an 
assortment of viruses and backdoors)
         Service: 2745 (tcp/2745) (:net2fw:DROP:,eth1,none) - 2 packets (Beagle virus)
         Service: 3127 (tcp/3127) (:net2fw:DROP:,eth1,none) - 2 packets (MyDoom virus)
         Service: 6129 (tcp/6129) (net2fw:DROP:,eth1,none) - 3 packets (W32.Mockbot) also Dameware

 
Thanks!
 
Jim

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/cg/.

Current thread:

Am I the only one? Jim Pollard (Apr 14)
- <Possible follow-ups>
- Re: Am I the only one? Mark Wilson (Apr 14)
- Re: Am I the only one? Dan Jones (Apr 14)
- Re: Am I the only one? Helms, Sandra (Apr 14)
- Re: Am I the only one? Jim Pollard (Apr 14)
- Re: Am I the only one? Are Leif Garn}sjordet (Apr 14)
- Re: Am I the only one? Kathy Bergsma (Apr 14)
- Re: Am I the only one? Mark Wilson (Apr 14)
- Re: Am I the only one? Jason Richardson (Apr 14)