Security Incidents mailing list archives
Re: Odd scan
From: Muhammad Faisal Rauf Danka <mfrd () attitudex com>
Date: Mon, 22 Jul 2002 05:11:27 -0700 (PDT)
What's so odd about it? you said it yourself that: 161 for SNMP 79 for finger and 1524 for the reason that many RPC exploits spawn shell on this port, and people use this port for their backdoors too. as far as your doubts about fingerd, there has been exploits for finger daemon. It's just a scan probably using synscan, and he had exploits for fingerd and snmp only, and also trying out his luck to find some left backdoored box on port 1524. It's quiet usual, looks like a newbie cracker scan on you. :) Regards, --------- Muhammad Faisal Rauf Danka Chief Technology Officer Gem Internet Services (Pvt) Ltd. web: www.gem.net.pk _____________________________________________________________ --------------------------- [ATTITUDEX.COM] http://www.attitudex.com/ --------------------------- _____________________________________________________________ Promote your group and strengthen ties to your members with email () yourgroup org by Everyone.net http://www.everyone.net/?btn=tag ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- Odd scan Tadas Miniotas (Jul 21)
- Re: Odd scan Russell Fulton (Jul 22)
- <Possible follow-ups>
- RE: Odd scan McCammon, Keith (Jul 22)
- Re: Odd scan Muhammad Faisal Rauf Danka (Jul 22)