Security Incidents mailing list archives
Re: increase of scans against port 1524
From: "Steven M. Christey" <coley () linus mitre org>
Date: Fri, 7 Jun 2002 12:36:15 -0400 (EDT)
ingreslock 1524/tcp ingres ingreslock 1524/udp ingresFor some reason, the script kiddie community has standardized on this port as a backdoor for most automated attacks... Though the vulnerabilities and tools are constantly changing, we have repeatedly seen the use of 1524 as the backdoor.
This is probably because new shellcode for buffer overflows is still difficult to write, so many exploit writers (and subsequently script kiddies) "cut and paste" the same shellcode over and over again. - Steve ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- increase of scans against port 1524 High Speed (Jun 05)
- Re: increase of scans against port 1524 Joe Matusiewicz (Jun 05)
- Re: increase of scans against port 1524 GrdnWsl (Jun 05)
- Re: increase of scans against port 1524 Drew Schaffner (Jun 05)
- Re: increase of scans against port 1524 Michael Katz (Jun 05)
- RE: increase of scans against port 1524 Antonio Montes (Jun 05)
- Re: increase of scans against port 1524 gminick (Jun 05)
- Re: increase of scans against port 1524 gminick (Jun 05)
- Re: increase of scans against port 1524 Lance Spitzner (Jun 05)
- <Possible follow-ups>
- RE: increase of scans against port 1524 Foster, Belinda (Jun 05)
- Re: increase of scans against port 1524 Steven M. Christey (Jun 07)