Security Incidents mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Scanning from source Port 220 for Port 21

From: <caldcv () students fccj org>
Date: 1 Apr 2004 02:26:36 -0000
In-Reply-To: <20040331162805.9303.qmail () search securityfocus com>


We have in the last 5 weeks seen an increase of scanning from port 220 to FTP. 
The traffic appears to follow the charachteristics of the Dameware scanning of months past.
Has anyone else noticed this on their networks? Do you have any idea what tool/worm may be used to cause this activity?



http://cert.uni-stuttgart.de/archive/intrusions/2004/02/msg00055.html

http://lists.elvandar.org/pipermail/securityfocus-incidents/2004-January/000042.html

  Apparantly, DameWare is a big thing. I think it's mainly contributed to the IRC warez scene, because its a popular 
tool for them to use. Do you have any possible infected hosts on your network that you don't know about?

-CC

---------------------------------------------------------------------------
Free 30-day trial: firewall with virus/spam protection, URL filtering, VPN,
wireless security

Protect your network against hackers, viruses, spam and other risks with Astaro
Security Linux, the comprehensive security solution that combines six
applications in one software solution for ease of use and lower total cost of
ownership.

Download your free trial at 
http://www.securityfocus.com/sponsor/Astaro_incidents_040301
----------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: