Security Incidents mailing list archives

Re: Odd scan

From: Muhammad Faisal Rauf Danka <mfrd () attitudex com>
Date: Mon, 22 Jul 2002 05:11:27 -0700 (PDT)

What's so odd about it?

you said it yourself that:
161 for SNMP
79 for finger
and 1524 for the reason that many RPC exploits spawn shell on this port, and people use this port for their backdoors 
too.

as far as your doubts about fingerd, there has been exploits for finger daemon.

It's just a scan probably using synscan, and he had exploits for fingerd and snmp only, and also trying out his luck to 
find some left backdoored box on port 1524.

It's quiet usual, looks like a newbie cracker scan on you. :)


Regards, 
---------
Muhammad Faisal Rauf Danka

Chief Technology Officer
Gem Internet Services (Pvt) Ltd.
web: www.gem.net.pk

_____________________________________________________________
---------------------------
[ATTITUDEX.COM]
http://www.attitudex.com/
---------------------------

_____________________________________________________________
Promote your group and strengthen ties to your members with email () yourgroup org by Everyone.net  
http://www.everyone.net/?btn=tag

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Current thread:

Odd scan Tadas Miniotas (Jul 21)
- Re: Odd scan Russell Fulton (Jul 22)
- <Possible follow-ups>
- RE: Odd scan McCammon, Keith (Jul 22)
- Re: Odd scan Muhammad Faisal Rauf Danka (Jul 22)