Re: Scanning from source Port 220 for Port 21

caldcv_at_students.fccj.org
Date: 04/01/04

  • Next message: Jamey Dillon: "RE: Scanning from source Port 220 for Port 21"
    Date: 1 Apr 2004 02:26:36 -0000
    To: incidents@securityfocus.com
    
    
    ('binary' encoding is not supported, stored as-is) In-Reply-To: <20040331162805.9303.qmail@search.securityfocus.com>

    >We have in the last 5 weeks seen an increase of scanning from port 220 to FTP.
    >The traffic appears to follow the charachteristics of the Dameware scanning of months past.
    >Has anyone else noticed this on their networks? Do you have any idea what tool/worm may be used to cause this activity?
    >

    http://cert.uni-stuttgart.de/archive/intrusions/2004/02/msg00055.html

    http://lists.elvandar.org/pipermail/securityfocus-incidents/2004-January/000042.html

      Apparantly, DameWare is a big thing. I think it's mainly contributed to the IRC warez scene, because its a popular tool for them to use. Do you have any possible infected hosts on your network that you don't know about?

    -CC

    ---------------------------------------------------------------------------
    Free 30-day trial: firewall with virus/spam protection, URL filtering, VPN,
    wireless security

    Protect your network against hackers, viruses, spam and other risks with Astaro
    Security Linux, the comprehensive security solution that combines six
    applications in one software solution for ease of use and lower total cost of
    ownership.

    Download your free trial at
    http://www.securityfocus.com/sponsor/Astaro_incidents_040301
    ----------------------------------------------------------------------------


  • Next message: Jamey Dillon: "RE: Scanning from source Port 220 for Port 21"

    Relevant Pages

    • RE: Entercept HIDS Question
      ... This is one of those it depends on your network and application ... Subject: Entercept HIDS Question ... Security Linux, the comprehensive security solution that combines six ...
      (Focus-IDS)
    • Re: blocking p2p traffic
      ... Network Security Specialist ... firewall with virus/spam protection, ... the comprehensive security solution that combines six ...
      (Focus-IDS)
    • Re: DHCP or Probe?
      ... somewhat limited understanding of cable network architecture, ... >> Security Linux, the comprehensive security solution that combines six ... > Protect your network against hackers, viruses, spam and other risks with Astaro ...
      (Incidents)
    • RE: help with exchange
      ... Network Administrator ... Subject: help with exchange ... Security Linux, the comprehensive security solution that combines six ...
      (Security-Basics)
    • RE: help with exchange
      ... Network Administrator ... Subject: help with exchange ... Security Linux, the comprehensive security solution that combines six ...
      (Security-Basics)