RE: DDoS to microsoft sites
From: Dave Ockwell-Jenner (doj@silk.solar-nexus.com)Date: 01/30/02
- Previous message: dlaumann@suntzu.net: "RE: Odd scan"
- In reply to: Ad***, Matt: "RE: DDoS to microsoft sites"
- Next in thread: Mike Lewinski: "Re: Re: DDoS to microsoft sites"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 30 Jan 2002 14:27:39 -0500 (EST) From: Dave Ockwell-Jenner <doj@silk.solar-nexus.com> To: incidents@securityfocus.com
6667 may also be used by some APC UPS daemons common on some Windows
systems. May want to try and simulate an IRC connect via telnet to see if
it responds like an IRC server would.
-- Dave Ockwell-JennerOn Wed, 30 Jan 2002, Ad***, Matt wrote:
> I believe both tcp/6667 and tcp/6668 are both used for IRC. It would make > sense that these are network aware. I know other IMs are. > > Matt > > -----Original Message----- > From: Mike Lewinski [mailto:mike@rockynet.com] > > We were able to get a port scan of the other client's infected box, and it > too was running IIS and MS-SQL. However, in addition it also had tcp > 6667/6668 open. Ironically, this same client's server was running Linux two > years ago, and intruders installed an eggdrop bot there. I believe that > incident (which totaled their machine before any data recovery was possible) > caused them to look to a Microsoft solution.
---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
- Previous message: dlaumann@suntzu.net: "RE: Odd scan"
- In reply to: Ad***, Matt: "RE: DDoS to microsoft sites"
- Next in thread: Mike Lewinski: "Re: Re: DDoS to microsoft sites"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
