Full Disclosure mailing list archives

Re: Odd logs

From: "morning_wood" <se_cur_ity () hotmail com>
Date: Wed, 4 Jun 2003 10:15:20 -0700


----- Original Message -----
From: "Muhammad Faisal Rauf Danka" <mfrd () attitudex com>
To: "Scott M. Algatt" <salgatt () turtleshell net>;
<full-disclosure () lists netsys com>
Sent: Wednesday, June 04, 2003 8:28 AM
Subject: Re: [Full-disclosure] Odd logs

Quick search reveals that it has been found on various web statistics as

well. That concludes to the probability that it is a signature of some
web/cgi scanning utility.


Backdoor.OptixPro.11.b Trojan also by default uses the same port.

Regards
--------
Muhammad Faisal Rauf Danka


Optix 1.1 uses port 3410 by default. Do not rely on someone elses port
mappings.

morning_wood
http://exploitlabs.com
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

Re: Odd logs, (continued)
- Re: Odd logs Lan Guy (Jun 04)
  - Re: Odd logs Mark (Jun 04)
    - Re: Odd logs morning_wood (Jun 04)
    - Re: Odd logs peter moody (Jun 04)
  - Re: Odd logs Scott M. Algatt (Jun 04)
- Re: Odd logs Gerd Feiner (Jun 04)
- RE: Odd logs Dave Killion (Jun 04)
  - RE: Odd logs Scott M. Algatt (Jun 04)
  - RE: Odd logs Hans Brederode (Jun 04)
- Re: Odd logs Muhammad Faisal Rauf Danka (Jun 04)
  - Re: Odd logs morning_wood (Jun 04)
- Re: Odd logs Jeffrey H. Johnson (Jun 04)
  - Re: Re: Odd logs Scott M. Algatt (Jun 04)
    - Re: Re: Odd logs Gary E. Miller (Jun 04)
    - Re: Re: Odd logs morning_wood (Jun 04)
- Odd logs Michael Linke (Jun 04)