Security Incidents mailing list archives
RE: Exploit on tcp/4128?
From: "Mueller, Lance" <lance.mueller () guidancesoftware com>
Date: Tue, 15 Feb 2005 12:13:36 -0800
Its looking for Optix Pro v1.3 backdoor...... There is specific data exchanged between the client program and the actual backdoor server program for Optix Pro.... Look slike a scanner that is looking for Optix Pro RAT's -lance- -----Original Message----- From: Lawrence Baldwin [mailto:baldwinL () mynetwatchman com] Sent: Mon 2/14/2005 1:59 PM To: incidents () securityfocus com; bugtraq () securityfocus com Cc: Subject: Exploit on tcp/4128? Anyone know what this is: D:\nc>nc -n -v 64.132.205.69 4128 (UNKNOWN) [64.132.205.69] 4128 (?) open 'ÖP? ? Version? 1.3? Error? ? ? Msg? Invalid Packet 'ÖP? ? Version? 1.3? Error? ? ? Msg? Invalid Packet 'ÖP? ? Version? 1.3? Error? ? ? Msg? Invalid Packet 'ÖP? ? Version? 1.3? Error? ? ? Msg? Invalid Packet 'ÖP? ? Version? 1.3? Error? ? ? Msg? Invalid Packet 'ÖP? ? Version? 1.3? Error? ? ? Msg? Invalid Packet ^C The same host above is scanning the *world* for this port: http://www.mynetwatchman.com/LID.asp?IID=146159119 Regards, Lawrence Baldwin myNetWatchman.com Note: The information contained in this message may be privileged and confidential and thus protected from disclosure. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by replying to the message and deleting it from your computer. Thank you.
Current thread:
- Exploit on tcp/4128? Lawrence Baldwin (Feb 14)
- RE: Exploit on tcp/4128? David Gillett (Feb 14)
- RE: Exploit on tcp/4128? Jeff Mickey (Feb 14)
- Re: Exploit on tcp/4128? Doug Rutherford (Feb 15)
- Re: Exploit on tcp/4128? James Eaton-Lee (Feb 14)
- <Possible follow-ups>
- RE: Exploit on tcp/4128? Butterworth, Jim (Feb 14)
- RE: Exploit on tcp/4128? Lawrence Baldwin (Feb 14)
- Re: Exploit on tcp/4128? H Carvey (Feb 15)
- RE: Exploit on tcp/4128? Mueller, Lance (Feb 15)
- RE: Exploit on tcp/4128? David Gillett (Feb 14)