Re: Subseven Scans

From: Baribault, Gary (gary@baribault.net)
Date: 08/12/02


Date: Mon, 12 Aug 2002 15:12:30 -0400
To: grdnwsl <grdnwsl@mrichi.com>, Rob Keown <Keown@MACDIRECT.COM>
From: "Baribault, Gary" <gary@baribault.net>

Hum .. I just found a bunch of 27374 on one of my SDSL links with a few of
the 12345 scans. This link's firewall is always way more active. My second
is an ADSL and it's usually quieter, this one has no 12345 but a few 27374.

Gary B

At 11:08 AM 8/12/2002 -0500, Preston Kutzner wrote:
>Hello Rob,
>
>Sunday, August 11, 2002, 8:42:50 AM, you wrote:
>
>RK> Anyone else seeing a huge increase in subseven scans...6708 since about
>RK> 0300Z - across all of my class C's and from quite a few sources
>RK> (running the query now to see how many).
>
>RK> Rob
>
>
>RK>
>----------------------------------------------------------------------------
>RK> This list is provided by the SecurityFocus ARIS analyzer service.
>RK> For more information on this free incident handling, management
>RK> and tracking system please see: http://aris.securityfocus.com
>
>I've seen quite a bit of traffic on ports tcp/12345 and tcp/27374.
>According to what I've seen, 27374 is a port used by quite a few
>versions of SubSeven, as for 12345, it's not mentioned that subseven
>runs on that port (that I've seen), but I am seeing attempted
>connections to these ports at the same time (maybe some other vuln
>attempt I'm not aware of? anyone?). Hope that helps.
>
>--
>Preston Kutzner | IT Manager
>Marketing Resources, Inc.
>

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
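
Added example, not part of the original thread: one way to answer the two questions raised above from firewall drop logs, namely how many distinct sources are probing tcp/27374 and tcp/12345, and which sources hit both ports close together in time. The log format, the sample lines, the 5-minute window and the function name summarize are assumptions made for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

PORTS = {27374, 12345}          # the two TCP ports named in the thread
WINDOW = timedelta(minutes=5)   # assumed meaning of "at the same time"

# Constructed sample log lines (hypothetical format, documentation addresses).
SAMPLE_LOG = """\
2002-08-12T03:01:07Z DROP TCP src=192.0.2.10 dst=198.51.100.5 dport=27374
2002-08-12T03:01:09Z DROP TCP src=192.0.2.10 dst=198.51.100.5 dport=12345
2002-08-12T03:02:40Z DROP TCP src=192.0.2.77 dst=198.51.100.9 dport=27374
2002-08-12T03:04:12Z DROP TCP src=203.0.113.4 dst=198.51.100.9 dport=12345
2002-08-12T09:30:00Z DROP TCP src=203.0.113.4 dst=198.51.100.6 dport=27374
2002-08-12T09:31:00Z DROP TCP src=192.0.2.77 dst=198.51.100.6 dport=80
not a firewall line
"""

LINE_RE = re.compile(r"^(\S+) DROP TCP src=(\S+) dst=\S+ dport=(\d+)$")

def summarize(log_text, ports=PORTS, window=WINDOW):
    """Return (per-port probe/source counts, sources probing both ports in window).

    Expects exactly two ports; unparseable lines and other ports are skipped.
    """
    hits = defaultdict(lambda: defaultdict(list))  # src -> port -> [timestamps]
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or int(m.group(3)) not in ports:
            continue
        ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ")
        hits[m.group(2)][int(m.group(3))].append(ts)
    per_port = {p: {"probes": 0, "sources": 0} for p in ports}
    paired = set()
    for src, by_port in hits.items():
        for port, times in by_port.items():
            per_port[port]["probes"] += len(times)
            per_port[port]["sources"] += 1
        if len(by_port) == 2:  # this source touched both ports
            a, b = (by_port[p] for p in sorted(ports))
            if any(abs(x - y) <= window for x in a for y in b):
                paired.add(src)
    return per_port, sorted(paired)

if __name__ == "__main__":
    counts, both = summarize(SAMPLE_LOG)
    print(counts)
    print("sources probing both ports within window:", both)
```

A source that shows up in the paired list is sweeping both ports in one pass; a source that hits both ports hours apart (203.0.113.4 in the sample) is counted per port but not paired.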


