Security Incidents mailing list archives

RE: Exploit on tcp/4128?


From: Jeff Mickey <jmic () doorknob id iit edu>
Date: Mon, 14 Feb 2005 16:56:39 -0600


A quick Google shows "RedShad" and "RCServ"... one and the same?
Both from 2002, Windows trojans, and covered by virus checkers.
jeff

On Mon, 14 Feb 2005, David Gillett wrote:

  3128 is a commonly-scanned proxy port.  Maybe it's a typo?

David Gillett


-----Original Message-----
From: Lawrence Baldwin [mailto:baldwinL () mynetwatchman com]
Sent: Monday, February 14, 2005 2:00 PM
To: incidents () securityfocus com; bugtraq () securityfocus com
Subject: Exploit on tcp/4128?


Anyone know what this is:

D:\nc>nc -n -v 64.132.205.69 4128
(UNKNOWN) [64.132.205.69] 4128 (?) open

'?P?    ?      Version?   1.3?   Error?   ?   ?   Msg?
Invalid Packet
'?P?    ?      Version?   1.3?   Error?   ?   ?   Msg?
Invalid Packet
'?P?    ?      Version?   1.3?   Error?   ?   ?   Msg?
Invalid Packet
'?P?    ?      Version?   1.3?   Error?   ?   ?   Msg?
Invalid Packet

'?P?    ?      Version?   1.3?   Error?   ?   ?   Msg?
Invalid Packet
'?P?
   ?      Version?   1.3?   Error?   ?   ?   Msg?   Invalid
Packet    ^C


The same host above is scanning the *world* for this port:

http://www.mynetwatchman.com/LID.asp?IID=146159119

Regards,

Lawrence Baldwin
myNetWatchman.com




