In response to questions, the port scans I am seeing from identified CodeRed-infected hosts are as follows. UDP 69, 111, 137-138, 2049, various Windows trojan ports TCP 21, 23, 87, 111, 139, 512-515, 540, 6000-6033 Standard stuff, but it does concern me that these scans are coming from machines obviously compromised by CodeRed II. ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Wed Aug 08 2001 - 10:55:29 PDT