Security Incidents mailing list archives
New script-kiddie looking scan
From: Jeff Kell <jeff-kell () utc edu>
Date: Tue, 18 Jun 2002 00:27:41 -0400
I'm noticing a growing number of scans of four ports (1433, 8000, 3128, and 8080, in succession from increasing source ports). These are MS-SQL, WinAmp, Ring Zero, and HTTP proxy. The scans look like: 2002/06/15 05:12:45 217.34.122.73:2374 (host217-34-122-73.in-addr.btopenworld.com) 24.158.203.217:8080 HTTP Proxy Scan 2002/06/15 05:12:45 217.34.122.73:2375 (host217-34-122-73.in-addr.btopenworld.com) 24.158.203.217:3128 RingZero 2002/06/15 05:12:45 217.34.122.73:2376 (host217-34-122-73.in-addr.btopenworld.com) 24.158.203.217:8000 WinAmp Shoutcast / iRDMI 2002/06/15 05:12:45 217.34.122.73:2377 (host217-34-122-73.in-addr.btopenworld.com) 24.158.203.217:1433 Microsoft-SQL-Server These have come from sources as diverse as Great Britain, Italy, China, etc. I suppose the $64K question is: is this a simple script-kiddie scan, or perhaps a new worm signature as it attempts to propagate? Jeff ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- DOS by Flooding a Network Richard Ginski (Jun 17)
- Re: DOS by Flooding a Network jlewis (Jun 17)
- New script-kiddie looking scan Jeff Kell (Jun 18)
- Re: New script-kiddie looking scan Luis Bruno (Jun 18)
- Re: New script-kiddie looking scan zeno (Jun 18)
- Re: New script-kiddie looking scan Chris Ess (Jun 18)
- Re: New script-kiddie looking scan Alain Fauconnet (Jun 18)
- Re: New script-kiddie looking scan Steffen Dettmer (Jun 19)
- New script-kiddie looking scan Jeff Kell (Jun 18)
- Re: New script-kiddie looking scan Russell Fulton (Jun 18)
- Re: DOS by Flooding a Network jlewis (Jun 17)
- Re: DOS by Flooding a Network Vitaly Osipov (Jun 18)
- <Possible follow-ups>
- Re: DOS by Flooding a Network Richard Ginski (Jun 18)