Security Incidents mailing list archives
RE: Increase in Sub7 scans
From: David Endler <dendler () idefense com>
Date: Tue, 12 Jun 2001 11:34:5 -0500
Jack, Port 27374 is also used by other trojans such as Ramen, TTFloader, Seeker, Bad Blood, etc. It could be simply some script kiddies scanning for open subseven/backdoor zombies, etc using any number of free tools. Is there any pattern to the source of the scans (from china, .edu's, etc.) ? -dave David Endler, CISSP Practice Manager, iDEFENSE Risk Management Services 3975 Fair Ridge Drive Suite 400 Fairfax, VA 22033-2924 voice: 703.219.2408 fax: 703.359.5323 dendler () idefense com www.idefense.com -----Original Message----- From: Obert, Jack E. [mailto:JObert () sprg smhs com] Sent: Tuesday, June 12, 2001 9:43 AM To: 'incidents () securityfocus com' Subject: Increase in Sub7 scans Since February, I've been receiving tcp port scans for the default sub7 port (27374) at a rate of approximately 3-4 per day. Starting on June 8th to present, I've been receiving them at 9 times that rate. 6/5/01 - 3 Scans 6/6/01 - 4 Scans 6/7/01 - 3 Scans 6/8/01 - 8 Scans 6/9/01 - 14 Scans 6/10/01 - 38 Scans 6/11/01 - 22 Scans Any ideas on what could have sparked this increased scanning? A new utility? A new vulnerability related to sub7? New media publicity? Thanks Jack E. Obert, GSEC Technical Information Security Officer St. John's Health System
Current thread:
- Increase in Sub7 scans Obert, Jack E. (Jun 12)
- Re: Increase in Sub7 scans Eric S. Johnson (Jun 12)
- Re: Increase in Sub7 scans Adam Stanley (Jun 12)
- Re: Increase in Sub7 scans Daniel Martin (Jun 12)
- <Possible follow-ups>
- RE: Increase in Sub7 scans gene . g . beaird (Jun 12)
- Re: Increase in Sub7 scans sarnold (Jun 12)
- RE: Increase in Sub7 scans David Endler (Jun 12)
- Re: Increase in Sub7 scans Phil (Jun 12)
- Re: Increase in Sub7 scans Alan Hannan (Jun 13)
- RE: Increase in Sub7 scans bparis (Jun 12)
- Re: Increase in Sub7 scans Justin Shore (Jun 12)