On Fri, 24 Aug 2001, Sevo Stille wrote: Mr. Sevo From my experience.watchin defaced AIX systems all day long and see what port they have open i draw this conclustion. This has not been added to public notice or i would not have went into this discussion at all. There is no flaw in it. Just a way to determite an operating system. We are talking about script kiddies that want * to deface. I also refer to our database. 99% of all defaced AIX has this port open. Since this has been a long discussion about this i want to point out once again. No flaw / determite OS and after that exploit the AIX. > axess wrote: > > > 2401/tcp cvspserver > > > > This port is used by AIX > > > I'd be surprised if it were - it would make anon-cvs rather awkward to > run on AIX, and that probably would have made it into public knowledge. > This is the default port for CVS servers, anon included. And the number > of the latter alone will probably outnumber the count of open AIX > systems on the net by a magnitude or more... > > I'd expect 2401 scans to look for CVS rather than AIX. Have any new CVS > exploits cropped up? Of course, people might just be looking for open > accounts or public access to private archives... > > Sevo > > -- Mikael Olsson axess - axessat_private system administrator IT-Security Information Network http://www.alldas.de ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Mon Aug 27 2001 - 12:54:27 PDT