Re: Odd scan
From: Muhammad Faisal Rauf Danka (mfrd@attitudex.com)Date: 07/22/02
- Previous message: Ingersoll, Jared: "diagnose compromise on NT"
- Maybe in reply to: Tadas Miniotas: "Odd scan"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 22 Jul 2002 05:11:27 -0700 (PDT) From: Muhammad Faisal Rauf Danka <mfrd@attitudex.com> To: incidents@securityfocus.com
What's so odd about it?
you said it yourself that:
161 for SNMP
79 for finger
and 1524 for the reason that many RPC exploits spawn shell on this port, and people use this port for their backdoors too.
as far as your doubts about fingerd, there has been exploits for finger daemon.
It's just a scan probably using synscan, and he had exploits for fingerd and snmp only, and also trying out his luck to find some left backdoored box on port 1524.
It's quiet usual, looks like a newbie cracker scan on you. :)
Regards,
---------
Muhammad Faisal Rauf Danka
Chief Technology Officer
Gem Internet Services (Pvt) Ltd.
web: www.gem.net.pk
_____________________________________________________________
---------------------------
[ATTITUDEX.COM]
http://www.attitudex.com/
---------------------------
_____________________________________________________________
Promote your group and strengthen ties to your members with email@yourgroup.org by Everyone.net http://www.everyone.net/?btn=tag
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
- Previous message: Ingersoll, Jared: "diagnose compromise on NT"
- Maybe in reply to: Tadas Miniotas: "Odd scan"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
