Security Incidents mailing list archives

*BSD Telnetd


From: John <johns () tampabay rr com>
Date: Wed, 25 Jul 2001 19:21:57 -0400

Well, I am starting to see the first few known
compromises that have used the new telnetd code.

Also, at work we went from three tcp/23 scans
a day to ten tcp/23 scans today. At home I have
gone from three tcp/23 scans a day to three
tcp/23 scans today.

These systems seem to have been compromised with
the new telnetd code.

Insufficient responses for TCP sequencing (3), OS detection may be less
accurate
Interesting ports on www.bitch.org (209.81.14.26):
(The 1536 ports scanned but not shown below are in state: closed)
Port       State       Service
21/tcp     open        ftp                     
22/tcp     open        ssh                     
23/tcp     open        telnet                  
80/tcp     open        http                    
111/tcp    open        sunrpc                  
3306/tcp   open        mysql                   

Remote operating system guess: FreeBSD 4.3
Uptime 60.924 days (since Thu May 24 12:28:20 2001)

Insufficient responses for TCP sequencing (2), OS detection may be less
accurate
Interesting ports on  (216.173.214.13):
(The 1533 ports scanned but not shown below are in state: closed)
Port       State       Service
21/tcp     open        ftp                     
22/tcp     open        ssh                     
23/tcp     open        telnet                  
25/tcp     open        smtp                    
80/tcp     open        http                    
110/tcp    open        pop-3                   
111/tcp    open        sunrpc                  
113/tcp    open        auth                    
587/tcp    open        submission              

Remote OS guesses: FreeBSD 4.1.1 - 4.3 (X86), FreeBSD 4.3

(the below might have been; just a guess)
Insufficient responses for TCP sequencing (1), OS detection may be less
accurate
Interesting ports on pacn3t.iserver.net (128.121.112.167):
(The 1517 ports scanned but not shown below are in state: closed)
Port       State       Service
21/tcp     open        ftp                     
22/tcp     open        ssh                     
23/tcp     open        telnet                  
25/tcp     open        smtp                    
26/tcp     open        unknown                 
53/tcp     open        domain                  
79/tcp     open        finger                  
80/tcp     open        http                    
100/tcp    open        newacct                 
106/tcp    open        pop3pw                  
110/tcp    open        pop-3                   
119/tcp    open        nntp                    
139/tcp    open        netbios-ssn             
143/tcp    open        imap2                   
443/tcp    open        https                   
465/tcp    open        smtps                   
513/tcp    open        login                   
514/tcp    open        shell                   
990/tcp    open        ftps                    
992/tcp    open        telnets                 
993/tcp    open        imaps                   
995/tcp    open        pop3s                   
2401/tcp   open        cvspserver              
3306/tcp   open        mysql                   
5190/tcp   open        aol                     

Remote OS guesses: FreeBSD 4.1.1 - 4.3 (X86), FreeBSD 4.3

DShield reports have shown that tcp/23 scans have gone up too.

http://www1.dshield.org/port_report.php?port=23

http://www.incidents.org/cid/query/top_10port_7.php

-- 
The events which transpired five thousand years ago; five
years ago or five minutes ago, have determined what will
happen five minutes from now; five years from now or five
thousand years from now. All history is a current event.
- Dr John Henrik Clarke -

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

