Re: New script-kiddie looking scan

From: Chris Ess (
Date: 06/19/02

Date: Tue, 18 Jun 2002 19:27:04 -0400 (EDT)
From: Chris Ess <>
To: zeno <>

> > WinAmp leaves me baffled. Maybe someone can answer that part of the
> > equation.
> Often people with cable or dsl download a lot of mp3's because the bandwidth is available.
> Perhaps also waiting for a winamp hole to surface for use with ddos nets? Perhaps one
> already exists which isn't known?

The problem is that Winamp doesn't listen on 8000 normally -- at least in
my experience. Shoutcast servers (used for streaming mp3s for such things
as Internet 'radio stations') listen on ports 8000 to 8002. At the
beginning of this month, a remote buffer overflow vulnerability was
announced for Shoutcast 1.8.9. The link is below:

Also, I have seen several proxies use port 8000 instead of 8080, so that
may be what the parties responsible are looking for.

Hope this helps.


Christopher Ess
System Administrator / CDTT (Certified Duct Tape Technician)

This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: