Port scans from CodeRed-infected hosts

From: Kyle Maus (sargonat_private)
Date: Wed Aug 08 2001 - 08:09:32 PDT

Next message: Nelson Neves: "Re: New Method for Blocking Code Red and Similar Exploits"

Previous message: Steve Halligan: "RE: Code Red II - Dead Thread"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

In response to questions, the port scans I am seeing from identified 
CodeRed-infected hosts are as follows.

UDP	69, 111, 137-138, 2049, various Windows trojan ports
TCP	21, 23, 87, 111, 139, 512-515, 540, 6000-6033

Standard stuff, but it does concern me that these scans are coming from 
machines obviously compromised by CodeRed II.


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Next message: Nelson Neves: "Re: New Method for Blocking Code Red and Similar Exploits"
Previous message: Steve Halligan: "RE: Code Red II - Dead Thread"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Wed Aug 08 2001 - 10:55:29 PDT