Re: Odd scan

From: Muhammad Faisal Rauf Danka (mfrd@attitudex.com)
Date: 07/22/02


Date: Mon, 22 Jul 2002 05:11:27 -0700 (PDT)
From: Muhammad Faisal Rauf Danka <mfrd@attitudex.com>
To: incidents@securityfocus.com

What's so odd about it?

you said it yourself that:
161 for SNMP
79 for finger
and 1524 for the reason that many RPC exploits spawn shell on this port, and people use this port for their backdoors too.

as far as your doubts about fingerd, there has been exploits for finger daemon.

It's just a scan probably using synscan, and he had exploits for fingerd and snmp only, and also trying out his luck to find some left backdoored box on port 1524.

It's quiet usual, looks like a newbie cracker scan on you. :)

Regards,
---------
Muhammad Faisal Rauf Danka

Chief Technology Officer
Gem Internet Services (Pvt) Ltd.
web: www.gem.net.pk

_____________________________________________________________
---------------------------
[ATTITUDEX.COM]
http://www.attitudex.com/
---------------------------

_____________________________________________________________
Promote your group and strengthen ties to your members with email@yourgroup.org by Everyone.net http://www.everyone.net/?btn=tag

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com