OK, what's up with all of the attention on port 631/tcp from the k1dd33z? We've seen an increase from zero to a couple of scans (walks across several class C nets) per day, Jul01 0 Jul02 0 Jul03 0 .. Jul14 0 Jul15 0 Jul16 1 Jul17 2 Jul18 3 Jul19 3 Jul20 2 Jul21 1 Jul22 1 Jul23 3 I don't recall any new problems with port 631/tcp. One of the IIS issues was print related, but I thought it was expoited via an HTTP (80/tcp) interface to the IPP services, not via 631/tcp. Some kiddies have a 0-day? Or is one of those things where someone starts looking for some ancient hole (e.g. occasional flurries of activity looking for old POP exploits)? -- Crist J. Clark Network Security Engineer crist.clarkat_private Globalstar, L.P. (408) 933-4387 FAX: (408) 933-4926 The information contained in this e-mail message is confidential, intended only for the use of the individual or entity named above. If the reader of this e-mail is not the intended recipient, or the employee or agent responsible to deliver it to the intended recipient, you are hereby notified that any review, dissemination, distribution or copying of this communication is strictly prohibited. If you have received this e-mail in error, please contact postmasterat_private ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Mon Jul 23 2001 - 21:16:40 PDT