RE: Exploit on tcp/4128?

From: Jeff Mickey (jmic_at_doorknob.id.iit.edu)
Date: 02/14/05

  • Next message: James Eaton-Lee: "Re: Exploit on tcp/4128?"
    Date: Mon, 14 Feb 2005 16:56:39 -0600
    To: incidents@securityfocus.com
    
    

    A quick Google shows "RedShad" and "RCServ"... one and the same?
    Both from 2002, Windows trojans, and covered by virus checkers.
    jeff

    On Mon, 14 Feb 2005, David Gillett wrote:

    > 3128 is a commonly-scanned proxy port. Maybe it's a typo?
    >
    > David Gillett
    >
    >
    > > -----Original Message-----
    > > From: Lawrence Baldwin [mailto:baldwinL@mynetwatchman.com]
    > > Sent: Monday, February 14, 2005 2:00 PM
    > > To: incidents@securityfocus.com; bugtraq@securityfocus.com
    > > Subject: Exploit on tcp/4128?
    > >
    > >
    > > Anyone know what this is:
    > >
    > > D:\nc>nc -n -v 64.132.205.69 4128
    > > (UNKNOWN) [64.132.205.69] 4128 (?) open
    > >
    > > 'ÍP? ? Version? 1.3? Error? ? ? Msg?
    > > Invalid Packet
    > > 'ÍP? ? Version? 1.3? Error? ? ? Msg?
    > > Invalid Packet
    > > 'ÍP? ? Version? 1.3? Error? ? ? Msg?
    > > Invalid Packet
    > > 'ÍP? ? Version? 1.3? Error? ? ? Msg?
    > > Invalid Packet
    > >
    > > 'ÍP? ? Version? 1.3? Error? ? ? Msg?
    > > Invalid Packet
    > > 'ÍP?
    > > ? Version? 1.3? Error? ? ? Msg? Invalid
    > > Packet ^C
    > >
    > >
    > > The same host above is scanning the *world* for this port:
    > >
    > > http://www.mynetwatchman.com/LID.asp?IID=146159119
    > >
    > > Regards,
    > >
    > > Lawrence Baldwin
    > > myNetWatchman.com
    > >
    >
    >

