Security Incidents mailing list archives

Previous By Date Next
Previous By Thread Next

Re: New script-kiddie looking scan

From: Chris Ess <azarin () tokimi net>
Date: Tue, 18 Jun 2002 19:27:04 -0400 (EDT)
WinAmp leaves me baffled. Maybe someone can answer that part of the
equation.


Often people with cable or dsl download a lot of mp3's because the bandwith is available.
Perhaps also waiting for a winamp hole to surface for use with ddos nets? Perhaps one
already exists which isn't known?


The problem is that Winamp doesn't listen on 8000 normally -- at least in
my experience.  Shoutcast servers (used for streaming mp3s for such things
as Internet 'radio stations') listen on ports 8000 to 8002.  At the
beginning of this month, a remote buffer overflow vulernability was
announced for Shoutcast 1.8.9.  The link is below:

http://online.securityfocus.com/bid/4934


Also, I have seen several proxies use port 8000 instead of 8080, so that
may be what the parties responsible are looking for.

Hope this helps.

Sincerely,

Christopher Ess
System Administrator / CDTT (Certified Duct Tape Technician)


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com
Previous By Date Next
Previous By Thread Next

Current thread: