Security Incidents mailing list archives

Re: increase of scans against port 1524

From: "Steven M. Christey" <coley () linus mitre org>
Date: Fri, 7 Jun 2002 12:36:15 -0400 (EDT)

ingreslock   1524/tcp    ingres
ingreslock   1524/udp    ingres


For some reason, the script kiddie community has standardized on this
port as a backdoor for most automated attacks...  Though the
vulnerabilities and tools are constantly changing, we have repeatedly
seen the use of 1524 as the backdoor.


This is probably because new shellcode for buffer overflows is still
difficult to write, so many exploit writers (and subsequently script
kiddies) "cut and paste" the same shellcode over and over again.

- Steve

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Current thread:

increase of scans against port 1524 High Speed (Jun 05)
- Re: increase of scans against port 1524 Joe Matusiewicz (Jun 05)
- Re: increase of scans against port 1524 GrdnWsl (Jun 05)
  - Re: increase of scans against port 1524 Drew Schaffner (Jun 05)
- Re: increase of scans against port 1524 Michael Katz (Jun 05)
- RE: increase of scans against port 1524 Antonio Montes (Jun 05)
- Re: increase of scans against port 1524 gminick (Jun 05)
- Re: increase of scans against port 1524 gminick (Jun 05)
- Re: increase of scans against port 1524 Lance Spitzner (Jun 05)
- <Possible follow-ups>
- RE: increase of scans against port 1524 Foster, Belinda (Jun 05)
- Re: increase of scans against port 1524 Steven M. Christey (Jun 07)